Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Google Admits Streetview Cars Collected “Entire Emails, URLs and Passwords”

Google finally admitted (via blog post) that the company’s “Street View” cars had collected data including “Entire Emails, URLs and Passwords” from Wireless Networks in several countries

Google finally admitted (via blog post) that the company’s “Street View” cars had collected data including “Entire Emails, URLs and Passwords” from Wireless Networks in several countries

Alan Eustace, Senior VP, Engineering & Research Google, in an interesting blog post on how Google will be creating stronger privacy controls, slipped in some interesting information at the end of his post. Eustace disclosed that after Streetview WiFi Payload data was analyzed by regulators, the investigations revealed that some incredibly private information was harvested in some cases. While the data was technically broadcasted to the public and anyone with the know-how and appropriate gear could collect the same information, it would be hard for anyone to collect such data on the massive scale that Google did.

Streetview Collecting Emails and Passwords

Google collected the data as a result of code integrated into the software used to identify and map WiFi signals. Google says the code was developed in 2006  by an engineer working on an experimental WiFi project that sampled all categories of publicly broadcast WiFi data. That coded ended up on the systems that power the data collection of the Street View cars.

In very last paragraph of his post written late today, Eustace writes:

Finally, I would like to take this opportunity to update one point in my May blog post. When I wrote it, no one inside Google had analyzed in detail the data we had mistakenly collected, so we did not know for sure what the disks contained. Since then a number of external regulators have inspected the data as part of their investigations (seven of which have now been concluded). It’s clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords. We want to delete this data as soon as possible, and I would like to apologize again for the fact that we collected it in the first place. We are mortified by what happened, but confident that these changes to our processes and structure will significantly improve our internal privacy and security practices for the benefit of all our users.

Earlier this week, Canada’s Office of the Privacy Commissioner issued a press release saying that Google had contravened Canadian privacy law when it inappropriately collected personal information from unsecured wireless networks across the country. The office specifically stated that “Google Street View cars inappropriately collected personal information such as e-mails, usernames, passwords, phone numbers and addresses; Commissioner recommends stronger controls and improved privacy training.” Full release from Canada’s Office of The Privacy Commissioner is available here.

Advertisement. Scroll to continue reading.

Additionally, in June, France accused Google of collecting private passwords during Street View mapping.

Related Video: Hacker Uses XSS and Google Street View Data to Determine Physical Location

Written By

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.