Security Experts:

Connect with us

Hi, what are you looking for?



Google Admits Streetview Cars Collected “Entire Emails, URLs and Passwords”

Google finally admitted (via blog post) that the company’s “Street View” cars had collected data including “Entire Emails, URLs and Passwords” from Wireless Networks in several countries

Google finally admitted (via blog post) that the company’s “Street View” cars had collected data including “Entire Emails, URLs and Passwords” from Wireless Networks in several countries

Alan Eustace, Senior VP, Engineering & Research Google, in an interesting blog post on how Google will be creating stronger privacy controls, slipped in some interesting information at the end of his post. Eustace disclosed that after Streetview WiFi Payload data was analyzed by regulators, the investigations revealed that some incredibly private information was harvested in some cases. While the data was technically broadcasted to the public and anyone with the know-how and appropriate gear could collect the same information, it would be hard for anyone to collect such data on the massive scale that Google did.

Streetview Collecting Emails and Passwords

Google collected the data as a result of code integrated into the software used to identify and map WiFi signals. Google says the code was developed in 2006  by an engineer working on an experimental WiFi project that sampled all categories of publicly broadcast WiFi data. That coded ended up on the systems that power the data collection of the Street View cars.

In very last paragraph of his post written late today, Eustace writes:

Finally, I would like to take this opportunity to update one point in my May blog post. When I wrote it, no one inside Google had analyzed in detail the data we had mistakenly collected, so we did not know for sure what the disks contained. Since then a number of external regulators have inspected the data as part of their investigations (seven of which have now been concluded). It’s clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords. We want to delete this data as soon as possible, and I would like to apologize again for the fact that we collected it in the first place. We are mortified by what happened, but confident that these changes to our processes and structure will significantly improve our internal privacy and security practices for the benefit of all our users.

Earlier this week, Canada’s Office of the Privacy Commissioner issued a press release saying that Google had contravened Canadian privacy law when it inappropriately collected personal information from unsecured wireless networks across the country. The office specifically stated that “Google Street View cars inappropriately collected personal information such as e-mails, usernames, passwords, phone numbers and addresses; Commissioner recommends stronger controls and improved privacy training.” Full release from Canada’s Office of The Privacy Commissioner is available here.

Additionally, in June, France accused Google of collecting private passwords during Street View mapping.

Related Video: Hacker Uses XSS and Google Street View Data to Determine Physical Location

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...


Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Application Security

Less than a week after patching critical security defects affecting multiple enterprise-facing products, VMware is warning that one of the flaws is being exploited...

Application Security

Vulnerability researchers at Google Project Zero are calling attention to the ongoing “patch-gap” problem in the Android ecosystem, warning that downstream vendors continue to...