As the well-worn internet saying goes – there is no cloud, it’s just someone else’s computer.
This week, an unknown number of Google Photos users were alarmed to find that this can turn out to be true in surprisingly personal ways.
According to an email sent to affected users, between 21 and 25 November 2019 anyone using the Google ‘Download your data’ service might have experienced a serious glitch:
Unfortunately, during this time, some videos in Google Photos were incorrectly exported to unrelated users’ archives. One or more videos in your Google Photos account was affected by this issue.
Conversely, being a two-way issue, affected users might notice any videos in their archive not belonging to them.
The service is part of Google Takeout (or Google Takeaway) and can be used to download copies of a wide range of data relating to Google services, including photos and videos.
Google doesn’t state how many users this relates to but it’s safe to assume that if you used the function between those dates, you are probably affected.
One Google user who did was Duo Security co-founder and CTO, Jon Oberheide, who tweeted the news to the world after receiving the email this week:
To be clear, this is a big screw-up. I hope the number of affected parties is small, but the impact to those parties could be high...and very unsettling. But my real beef is with this nonchalant and non-specific notification email. Hopefully Google follows up with more comms.
— Jon Oberheide (@jonoberheide) February 4, 2020
After contacting Google for clarification, he was told that “unfortunately, we’re not able to provide a full list of impacted videos.”
Because the videos are now stored on other people’s computers, there is no obvious way of getting them back.
Google says it has now fixed whatever problem led to the issue and advises affected users to perform another data export of the same data while deleting any already downloaded. Re-downloading the data should overwrite any content as long as that archive itself hasn’t been backed up elsewhere.
Latest Naked Security podcast
LISTEN NOW
Click-and-drag on the soundwaves below to skip to any point in the podcast. You can also listen directly on Soundcloud.
Jordan
Hi Sophos team – Quick correction – Jon is co-founder and CTO, not CEO. Thanks!
Paul Ducklin
Fixed, thanks.