Technology, Top News

Amazon gave a customer access to somebody else’s Alexa recordings by mistake

THIS IS ONE OF those stories that starts off feeling unsettling and gets more so with each unnerving detail until it reaches its entirely satisfying conclusion. So strap in, Alexa users.

According to German trade publication c’t, an Alexa user in the country was able to access recordings picked up by an Echo device that wasn’t his. The man in question – who goes by the pseudonym Martin Schneider – had ironically requested Amazon provide him with all the data collected by the company under GDPR. Amazon took the customer’s GDPR request and treated it as a lucky dip, providing Schneider with a library of over 1,700 recordings belonging to someone else’s Echo.

How could he be so sure? Well for one thing, neither of the voices were his. For another, said voices were controlling smart home kit he didn’t own. And for a third damning point, he doesn’t even own an Alexa device.

Amazon didn’t respond to Schneider’s inquiries, other than to delete the archive they’d already sent him, which was very much the definition of shutting the stable door after the horse has bolted. In fact, the horse had not only bolted, but sired a whole stable of fowls, given Schneider had already contacted c’t, who had in turn been able to figure out who the mystery voices on the recordings belonged to.

C’t contacted the people on the recordings – who must have been delighted to know that their private chats with Alexa had been shared with local news.

So, how did this happen? It turns out both men has requested their data under GDPR, and Amazon had just sent each set of files to the wrong person, ironically causing more GDPR paperwork.

“This was an unfortunate case of human error and an isolated incident,” said Amazon in a statement. “We have resolved the issue with the two customers involved and have taken steps to further improve our processes.”

(Bold use of the words “further improve” to describe a process than has demonstrably failed, but okay.)

“We were also in touch on a precautionary basis with the relevant regulatory authorities,” the company added. Let’s just hope they contacted the right people this time. µ

Source : Inquirer

Previous ArticleNext Article
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.

Send this to a friend