Google Pixel repairs resulted in leaked pics and a privacy nightmare

After game designer and author Jane McGonigal sent her Pixel 5a to Google for repair, someone allegedly took and hacked into her device. This is at least the second report in as many weeks from someone claiming to have sent a Google phone in for repair, only to have it used to filter their private data and photos. McGonigal posted a detailed account of the situation on Twitter on Saturday and advised other users not to send their phones in for repair with the company.

In October, McGonigal shipped his damaged phone to an official Pixel repair center in Texas. She later tweeted that Google said it never received the phone and, over the next several weeks, they charged her for a replacement device.

But according to McGonigal, FedEx tracking information shows that the device arrived at the facility weeks ago. Late Friday night, a few hours after she says she finally received a refund for the device, someone appears to have used the “lost” phone to clear the two-factor authentication checks and log into several of her accounts, including Dropbox, Gmail. and Google Drive.

The activity triggered multiple email security alerts to McGonigal’s backup accounts. However, she speculates that whoever has the phone may have used it to access their backup email addresses and then dumped the security alerts into their spam folder.

“The photos they opened were of me in a bathing suit, sports bras, tight and stitch dresses after surgery,” writes McGonigal. “They removed the Google security notifications on my backup email accounts.”

Google spokesman Alex Moriconi initially said The edge that the company is investigating the matter, but it now appears that the investigation has been completed. “After a thorough investigation, we can say with confidence that the issue affecting the user was not related to the RMA of the device. [Return Merchandise Authorization]Moriconi said. “We have worked closely with the user to better understand what happened and how best to protect the account in the future.”

Google’s official repair instructions recommend backing up and then wiping a device before shipping. Still, as Jane McGonigal points out, that’s difficult or impossible, depending on the damage. It is not yet clear whether the device may have been intercepted within the repair facility or while in transit, or who has it now. “Based on my discussions with Google Security, I don’t think FedEx is a problem with what happened to my account,” McGonigal said. The edge.

Just two days after McGonigal’s complaint, it appears that he got help from Google. “Pixel Support and Google Security have been extremely helpful today, I am pleased to report,” he tweeted. McGonigal also notes that in response to his case, Google may begin providing additional instructions for users with broken devices who are unable to perform a factory reset.

The whole situation reminds us of safety concerns every time we turn in our devices for repair and, unfortunately, such activity is unprecedented. In June, Apple paid millions to a woman after repair technicians posted her nude photos on Facebook. Apple recently said it would start selling DIY repair kits, giving users the opportunity to repair their own phones, or at least have someone they trust do the job, rather than shipping or dropping them off at an Apple store.

For Pixel phones, your options for official service are by mail or, in some countries, local service through an authorized provider. In the US, Google partners with uBreakiFix franchises. No matter what phone you have, repair options remain somewhat limited, and you end up having to trust that no one with malicious intent will get their hands on your phone while it is out of their possession.

Updated December 14 at 2:00 pm ET: Updated to add an additional statement from McGonigal about his conversation with Google Security.

Update December 7, 6:20 pm ET: Updated to add a statement from a Google spokesperson on an update on the company’s research. Also added a December 6 tweet from McGonigal, as well as additional context about that tweet.

Leave a Comment