Alexa leak

Alexa Leak Reveals Private Audio Recordings to Another User

By Robert N. Adams

An Alexa leak has taken place as a result of a GDPR request by a customer of Amazon’s German website. The customer wanted some files and he got them from the retailer — but the files belonged to a completely different person.

One of the provisions of the GDPR effectively allows a citizen of the EU to request any data a company may have on them. An unnamed customer of Amazon.de did exactly that and was surprised to receive over 1,700 files from the company. Surprisingly, the audio recordings were of someone else entirely.

It’s difficult to tell exactly how this Alexa leak took place. The company referred to the incident as an “isolated single case” and blamed the issue on human error. The consequences of this Alexa leak could have been terribly serious, especially because of the nature of such a device.

The magazine C’t had contacted the customer who erroneously received the recordings and received some of them. They began an analysis [PDF] of these voice files and were able to piece together several key facts about the original owner of the sound files:

  • The Alexa leak voice recordings were of a man.
  • A woman also spoke on the device, implying that he lives with a woman or a woman visits frequently.
  • The man had at least two devices: a voice-controlled Fire box and (of course) an Echo.
  • Questions about weather and public transportation gave the magazine an idea of the user’s location.
  • Spoken first names (and an occasional last name) allowed them to track down the user via social media.

Ultimately, C’t contacted the victim of the Alexa leak and informed him of the situation. Surprinsgly, he had stated that he was not told by Amazon about the breach. Furthermore, the erroneous recipient of the files had also received no response from Amazon when he had reported the issue to them.

Although Amazon has made a statement on the matter, it’s unclear whether or not they’ve correctly followed procedures for such a data breach as outlined in the GDPR. They have 72 hours from notification of a breach to inform the affected customers and we can’t be certain whether or not they complied within the prescribed timeframe. However this turns out, one ought to keep in mind what they’ve said to their voice-controlled devices and what might happen if that information gets loose in the world.

[via KnowTechie]

Robert N. Adams
Robert N. Adams

I've had a controller in my hand since I was 4 and I haven't stopped gaming since. CCGs, Tabletop Games, Pen & Paper RPGs - I've tried a whole bunch of stuff over the years and I'm always looking to try more!

Share article

Upcoming Releases

Stellar Blade

Eve and her comrades land on the surface to reclaim the extinct Earth and cross paths with a survivor named Adam. Eve is then led by Adam to the last surviving city, Xion, where she meets the elder of the town Orcal and is told many stories. In order to serve her mission to save Earth, Eve develops close relationships…

Homeworld 3

Tactical, beautiful, and wholly unique, the GOTY-winning sci-fi RTS returns with Homeworld 3. Assume control and battle through fleet combat in dazzling, fully 3D space while the award-winning story unfolds on a galactic scale.

Senua’s Saga: Hellblade II

The sequel to the award winning Hellblade: Senua’s Sacrifice, Senua returns in a brutal journey of survival through the myth and torment of Viking Iceland. Intent on saving those who have fallen victim to the horrors of tyranny, Senua faces a battle of overcoming the darkness within and without.

Reviews

9 SCUF Reflex Review

SCUF Reflex Review

SCUF is the brand that comes to mind for most people when it comes to custom gaming controllers. It’s been…
Tech

Related

X