Google has informed a few Google Photos users that their private videos may have been accidentally shared with strangers. The breach was caused by a bug inside Google Takeout, the search engine giant’s backup tool that lets users download their data, that mixed up a number of users’ archives between November 21 and November 25, 2019.
In that period, when affected users requested their data from Google, their archives may have, in addition to their own media, contained videos that were not theirs. Google says “one or more videos” of “less than 0.01 percent of Google Photos users” were leaked in the process. That’s still about 100,000 people given that the app has over a billion users. It’s worth noting, though, that the figure was officially last revealed last year in June.
“The underlying issue has been identified and resolved. We recommend you perform another export of your content and delete your prior at this time,” wrote Google in an email to affected accounts.
Google did not specify whether any other forms of media like GIFs or images were incorrectly shared. It’s also unclear if other Google products, all of which are linked to Takeout, were affected by this bug.
A commentator in a rising Reddit thread claimed that nearly 3% of video files in his Google Photos archive were not his and seemed to belong to three to four different accounts. “There is enough identifying info in some of these ones to find the owners,” he added.
The issue was not immediately resolved and patched five days later when the glitch was discovered.
“We are notifying people about a bug that may have affected users who used Google Takeout to export their Google Photos content between November 21 and November 25. These users may have received either an incomplete archive, or videos — not photos — that were not theirs. We fixed the underlying issue and have conducted an in-depth analysis to help prevent this from ever happening again. We are very sorry this happened,” a Google spokesperson told 9to5Google.
This isn’t the first time Google Photos has compromised personal data. Last year, a vulnerability had allowed malicious actors to retrieve metadata of users’ pictures.