A leaked copy of an internal Google database revealed thousands of privacy-related incidents from 2013 to 2018, according to a report from 404 Media published Monday.
The leaked information, sent to 404 Media by an anonymous tipster, reveals flagged instances where Google’s privacy guardrails may have failed. Business Insider has not been able to view the leaked information.
The incidents were reported by employees between six and nine years ago, a Google spokesperson said. All the incidents have been reviewed and resolved, meaning any private information has been deleted, a Google spokesperson told Business Insider.
Some of the instances listed in the leaked information included a blurring mishap on YouTube that exposed the uncensored versions of images and a Waze Carpool incident that shared users’ home addresses.
In one incident, a Google speech service logged audio of an estimated 1,000 children for about an hour, the report said. Another situation involved Google’s Street View saving license plates due to an algorithm that detected text in images, according to the 404 Media report citing the leaked information.
According to Google, several flags detailed in the 404 Media report and shared with the tech giant were not incidents at all, or they involved issues from third-party platforms.
For example, some were internal security team simulations aimed at enhancing product protections or false alarms on product bugs, according to Google. The company said others were third-party issues from a vendor Google used for employee travel and a WiFi network scam attempt at an industry conference.
The list of incidents is the second internal leak in the last week; 2,500 documents were released on May 27, appearing to reveal secrets to how Google organizes the web. The leak sent SEO experts into a fury, with some claiming that Google hadn’t always been honest about how it ranks sites.
While the previous incident resulted in distrust from website owners and SEO experts, this leak threatens Google’s reputation with everyday users. The leak also comes during a time when Google’s reliability is already in question after inaccurate responses from AI Overviews forced them to scale back the feature.
The latest leak also sheds light on how Google deals with these incidents. Few of the documented incidents were publicly reported, according to 404 Media. Rather, they entailed an employee flagging them and giving them priority rating before the relevant response team investigated them.
Since Google prioritizes improving products, it encourages employees to file internal incident reports, and they’re taken seriously, according to the company. But Google said this often results in reports labeled as high priority not matching the ratings determined by the security response team.
Google told Business Insider it implemented hundreds of new and additional protections over the last six years to ensure user security and privacy. For example, it updated YouTube’s policy around kids and data protection in 2019, limiting data collection on videos made for kids to only what is needed to support the service.
Google said its products also regularly undergo independent verification of security, privacy, and compliance controls to achieve global standards.