Google’s second massive leak in a week shows it collected sensitive data from users

What do the voices of 1,000 children and secret Nintendo company announcements have in common? They were inadvertently collected by Google, along with tons of other sensitive users’ information between 2013 and 2018.

A massive leak of thousands of privacy and security issues logged by Google employees was shared via an anonymous tip to 404 Media this week. It showed that a Google audio feature accidentally recorded the voices of children, that Google Street View was transcribing and storing cars’ license plates, and that Google-owned Waze was leaking the home addresses of users — among many, many other incidents, 404 Media reported.

In one blunder, a government client with a higher-tier Google cloud account was accidentally transitioned to a much-less-secure, consumer level account. On the less-accidental side, the leak to 404 Media showed that a Google contractor used their administrative privileges to access the gaming company Nintendo’s YouTube account and leak company information ahead of its official release.

Google did not immediately respond to Quartz’s request for comment, but the company told 404 Media that every incident “was reviewed and resolved at that time.”

“At Google employees can quickly flag potential product issues for review by the relevant teams,” Google told the online publication.

Google’s blunders have been piling up lately. The leak reported by 404 Media comes just one week after another big (though less controversial) leak from Google. Some 2,500 documents from Google’s Search division posted online last week raised further questions about how its Search algorithm works. Google has also been fielding complaints over some wacky, inaccurate answers posted by its new AI-powered search tool, AI Overviews. And before that, Google faced heat when it accidentally deleted a $125 billion Australian pension fund’s account, leaving fund members with no access to their accounts for more than a week.