A random person received over 1,700 Amazon Alexa audio recordings from another user
When does it end?
Whelp, it appears the “worst case” scenario for the reams of data that Amazon holds on consumers has happened. One of Amazon’s customers in Germany got more than he asked for when he asked the retail giant for all the data it held on him under the EU’s GDPR guidelines.
On downloading the zip file from the download link that Amazon furnished, he found himself perplexed. Having never used Amazon’s Alexa service himself, he was puzzled by finding 1,700 Alexa audio recordings amongst his other information.
Those audio files consisted of conversations between a man and a woman, and C’t Magazine, who first reported on this, was apparently able to identify them from the recordings.
More about the data leak
That’s a shocking lapse of Amazon’s privacy management. What’s more, the Alexa recordings allowed C’t to find almost exactly who the person was, by backtracing weather queries and names said during commands.
They couldn’t find a phone number, however, so they took to Twitter to ask for the person in the recordings to contact them. Almost immediately, they received a response.
He was understandably taken aback and confirmed everything that C’t had been able to infer from the recordings, including his girlfriend’s name.
Until C’t contacted Amazon about the breach, the retail giant hadn’t contacted either of the affected men. It did so several days after the magazine got in touch. It’s still unclear if Amazon has reported the breach to the data protection authorities, as required within 72 hours under the GDPR laws.
What does Amazon have to say?
On Thursday, an Amazon spokesman told Reuters that “the unfortunate case was the result of human error and an isolated single case.”
If it was human error, it’s clear that Amazon needs to add some checking stages to their process. That would have prevented the privacy issue here.
It’s not the first time that a privacy issue around Alexa has cropped up this year. Earlier in the year, a family in Portland had a conversation recorded and sent to a random contact.
- Facebook ignored its own privacy rules in secret deal with Amazon
- Facebook allowed Spotify and Netflix to snoop in on your private messages for some reason
- Another data breach is causing Google to shut down Plus sooner than expected
- The UK’s second-biggest airport was shut down for almost a day because of dumb drone pilots
- Humble Bundle suffered a mild data breach