An internal Google database containing six years’ worth of potential privacy breaches and security issues was recently obtained, and reveals—among many other things—that a Google employee used their access to watch a private YouTube video uploaded by Nintendo and leaked the details online.
On June 3, 404 Media reported that it had received a copy of a large Google-created database containing thousands of employee reports documenting various security and privacy issues involving customer data and content. According to the outlet, all of the information in the database was tracked from 2013 to 2018. Inside the database are stories of Google accidentally recording hundreds of kids speaking, inadvertently using Google Street View to catalog and store thousands of license plates, and exposing some Google Docs and Drive files as public even though they weren’t meant to be. Oops!
But one of the sillier and less serious violations noted in the database might explain how some Nintendo announcements leaked a few years back.
How a 2017 Yoshi game got leaked
As reported by 404 Media in a follow-up report, in 2017 a contractor with admin access who had previously worked with Google used their privileges to download and watch an unreleased trailer for a then-unnamed Yoshi game. The trailer was marked as private on Nintendo’s YouTube channel. The contractor reportedly shared a screenshot of the trailer with a friend, who then published it to Reddit, where it was spotted by another Google employee. That person then reported the incident internally.
According to an internal interview by Google, this incident was determined to be “non-intentional.” Below you can watch the trailer that was leaked early by a contractor. The game would later be named Yoshi’s Crafted World and would launch on Switch in 2019.
Here’s Google’s statement that it provided to 404 Media about this database and the issues documented in it:
At Google, employees can quickly flag potential product issues for review by the relevant teams. When an employee submits the flag they suggest the priority level to the reviewer.
The reports obtained by 404 are from over six years ago and are examples of these flags—every one was reviewed and resolved at that time. In some cases, these employee flags turned out not to be issues at all or were issues that employees found in third party services.
Individually, most of these issues are minor and were, to Google’s credit, fixed quickly. However, it’s not comforting that one of the largest tech companies in the world—which monitors and collects millions of people’s data every minute—is seemingly capable of doing such a shitty job at managing private information and content safely and securely.
.