Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Google Admits Streetview Cars Collected “Entire Emails, URLs and Passwords”

Google finally admitted (via blog post) that the company’s “Street View” cars had collected data including “Entire Emails, URLs and Passwords” from Wireless Networks in several countries

Google finally admitted (via blog post) that the company’s “Street View” cars had collected data including “Entire Emails, URLs and Passwords” from Wireless Networks in several countries

Alan Eustace, Senior VP, Engineering & Research Google, in an interesting blog post on how Google will be creating stronger privacy controls, slipped in some interesting information at the end of his post. Eustace disclosed that after Streetview WiFi Payload data was analyzed by regulators, the investigations revealed that some incredibly private information was harvested in some cases. While the data was technically broadcasted to the public and anyone with the know-how and appropriate gear could collect the same information, it would be hard for anyone to collect such data on the massive scale that Google did.

Streetview Collecting Emails and Passwords

Google collected the data as a result of code integrated into the software used to identify and map WiFi signals. Google says the code was developed in 2006  by an engineer working on an experimental WiFi project that sampled all categories of publicly broadcast WiFi data. That coded ended up on the systems that power the data collection of the Street View cars.

In very last paragraph of his post written late today, Eustace writes:

Finally, I would like to take this opportunity to update one point in my May blog post. When I wrote it, no one inside Google had analyzed in detail the data we had mistakenly collected, so we did not know for sure what the disks contained. Since then a number of external regulators have inspected the data as part of their investigations (seven of which have now been concluded). It’s clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords. We want to delete this data as soon as possible, and I would like to apologize again for the fact that we collected it in the first place. We are mortified by what happened, but confident that these changes to our processes and structure will significantly improve our internal privacy and security practices for the benefit of all our users.

Earlier this week, Canada’s Office of the Privacy Commissioner issued a press release saying that Google had contravened Canadian privacy law when it inappropriately collected personal information from unsecured wireless networks across the country. The office specifically stated that “Google Street View cars inappropriately collected personal information such as e-mails, usernames, passwords, phone numbers and addresses; Commissioner recommends stronger controls and improved privacy training.” Full release from Canada’s Office of The Privacy Commissioner is available here.

Additionally, in June, France accused Google of collecting private passwords during Street View mapping.

Related Video: Hacker Uses XSS and Google Street View Data to Determine Physical Location

Advertisement. Scroll to continue reading.
Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...