Connect with us

Hi, what are you looking for?


Application Security

Google Shared Private Videos With Wrong Users

A bug in the Google Takeout download service has resulted in some users’ videos being inadvertently shared with other people. 

A bug in the Google Takeout download service has resulted in some users’ videos being inadvertently shared with other people. 

The issue was revealed this week, when Google started sending notifications to impacted users. The incident, however, occurred last year, between November 21 and November 25. 

The bug, which Google describes as a technical issue, was triggered when users requested a Google “Download your data” export. The feature was designed to provide individuals with the ability to create backups of their data, including photos and videos in Google Photos, and leverages Takeout for the operation.

In the notification sent to the impacted users, Google reveals that those who used Takeout to download their data might have ended up with someone else’s videos in their Google Photos backups. 

The issue, it says, only impacts those who requested to download their data between November 21 and November 25 last year. 

“Unfortunately, during this time, some videos in Google Photos were incorrectly exported to unrelated users’ archives. One or more videos in your Google Photos account was affected by the issue,” Google wrote in the notification. 

What the company could not say, however, was how many of a user’s videos might have been affected in the incident. 

Advertisement. Scroll to continue reading.

The Internet giant also informed users that those who downloaded their data might find it to be incomplete or to include other people’s videos. 

Additionally, Google tells users that the problem was addressed, and encourages them to perform another export of their content, as well as to delete the previously created export. 

“We are notifying people about a bug that may have affected users who used Google Takeout to export their Google Photos content between November 21 and November 25. These users may have received either an incomplete archive, or videos—not photos—that were not theirs,” a Google spokesperson told SecurityWeek.

“We fixed the underlying issue and have conducted an in-depth analysis to help prevent this from ever happening again. We are very sorry this happened,” Google also said, noting that less than 0.01% of Google Photos users were impacted by the incident, and that the bug “did not impact other data type of the data users can download via Takeout.”

Related: Cloud(y) with a Chance of a Data Breach

Related: Google to Ban Less Secure Apps in G Suite

Related: Google Photos Flaw Allowed Hackers to Track Users

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

While there are many routes to application security, bundles that allow security teams to quickly and easily secure applications and affect security posture in...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...