Google Photos, like many storage services, offers a data export tool that allows users to download all of the photos and videos they have stored on Google’s servers. Officially called Google Takeout, Google has started notifying users about a security flaw that was present in the export tool late last year. It’s a big one too, as it included videos belonging to other users in some export archives.
Google notified users of this security hiccup in an email it started sending out last night. Jon Oberheide posted a screenshot of the email Twitter, in which Google says that between November 21st and November 25th, this issue was active. “Unfortunately, during this time, some videos in Google Photos were incorrectly exported to unrelated users’ archives. One of more videos in your Google Photos account was affected by this issue,” Google wrote to affected users.
In that same email, Google recommends that those who were affected perform another export and delete the prior one, but doesn’t offer much recourse beyond that. Speaking to 9to5Google, the company also says that less than 0.01% of users were affected by this bug, but when you have as many users as Google does, 0.01% can still be a ton of people.
The company also provided a statement to 9to5Google that’s more or less a retread of the email it sent out. “We fixed the underlying issue and have conducted an in-depth analysis to help prevent this from ever happening again,” Google said. “We are very sorry this happened.”
At the moment, Google is catching some heat for being rather nonchalant about the whole issue, as it’s a pretty big deal that private videos wound up in other users’ exports. There’s no guarantee that affected users will delete videos that don’t belong to them, making the issue even more worrying. In any case, check your email, because if you were impacted by this issue, you’ll see a message from Google there.