News Insights: Google inadvertently sent photos uploaded by users to unknown third parties

Jon Oberheide on Twitter

Jon Oberheide on Twitter


News Insights:

Josh Bohls, Founder, Inkscreen:

“Every day, businesses and public sector organizations capture photos, audio, video, scanned documents and mixed media content gathered on mobile devices to conduct business – much of it captured on employee devices with little or no organizational governance over content or security and compliance protections.  Google’s lapse in sending individuals’ photos to other users sheds new light on this lack of protection and perilous compliance risk.

Whether the content is captured by insurance adjusters, healthcare professionals, critical infrastructure administrators, financial services liaisons or any number of similar professionals while performing routine line of business activities, the fact is that such potentially sensitive content could easily be inadvertently released in this Google privacy breach… or another breach down the road. IT, security, compliance and C-suite executives – whether with law firms, healthcare providers, insurance companies, or other regulated industries – need to wake up to this problem, evaluate secure content capture solutions for mobile users, and better protect and manage this content.”


Paul Bischoff, privacy advocate with Comparitech, commented:

“The irony is that many Google Takeout users download their data and subsequently remove it from Google servers because they don’t trust Google to protect it for them. Now the action they took to improve their privacy has had the exact opposite effect. Perhaps the worst part is that users have no clue as to whether another person is now in possession of their photos or videos, and no recourse to get them back. Users who downloaded data through Google Takeout should go through their photos and videos to see if there’s anything that could be harmful to them in the wrong hands, be it nude photos or important documents. From there, all they can do is prepare for the worst—extortion, identity theft, etc—and hope for the best.”