An Alexa user in Germany ended up downloading 1,700 audio files of a stranger’s conversation when he was trying to access his own Alexa data.
The customer realized this when he requested access to past recordings of his own activities, and when Amazon, the parent company of the device, sent him the link, he also found recordings of another’s customer’s conversation—precisely 1,700 audio files worth, Reuters reported from Frankfurt.
Amazon was unable to confirm with the Daily Dot exactly how much time 1,700 audio files is exactly, but explained that a single Alexa command would constitute a single file. In essence, a typical Alexa command, such as “Alexa, play the music!” would be one file.
When the customer first contacted Amazon about the issue, he didn’t hear back—and soon found out the link that the retail giant sent him had removed the stranger’s audio files. But the customer had already downloaded the file and thus still had access to the stranger’s files, according to Reuters.
The company told the Daily Dot it was an “isolated incident” and attributed it to a “human error.”
“We have resolved the issue with the two customers involved and have taken steps to further improve our processes. We were also in touch on a precautionary basis with the relevant regulatory authorities,” Amazon added.
Amazon also told the Daily Dot that it has apologized to the customers.
Twitter users are reacting to this latest data breach with outrage and shock.
not only does amazon echo keep audio recordings forever on their servers, they also:
☑️ sent a customer someone else's audio files in a GDPR request
☑️ pretended it didn't happen
☑️ ignored them trying to report it https://t.co/IePe5uZU6p
— Internet of Shit (@internetofshit) December 20, 2018
— Dan Stoller (@realdanstoller) December 20, 2018
So, while the bad news is this could potentially happen to anyone, the good news is we’re not yet unfazed by such issues.