A new report alleges Google’s mail-in repair service for Pixel phones resulted in stolen photos and a hacked device for one woman. Google says it is investigating.
As detailed by The Verge, game designer and author Jane McGonigal sent her Pixel 5a phone to a Google repair center in Texas in October, but the company told her that it did not receive the phone and charged her for a replacement device. McGonigal says FedEx tracking information shows the phone arrived at the facility, and she only recently got Google to refund her the value of the replacement device. However, she found that someone used the phone to clear two-factor authentication and log into several of her accounts, including Dropbox, Gmail, and Google Drive.
“The photos they opened were of me in bathing suits, sports bras, form-fitting dresses, and of stitches after surgery,” McGonigal writes on Twitter. “They deleted Google security notifications in my backup email accounts.”
She says that this occurred even though she tried to erase the phone and lock it through Google’s “find my phone” service. The malicious activity triggered multiple security email alerts to her backup account, but McGonigal believes whoever had the phone used it to access her backup email and marked those alerts as spam.
Yeah, don’t send your Google phone in for warranty repair/replacement. As has happened with others, last night someone used it to log into my gmail, Drive, photos backup email account, dropbox, and I can see from activity logs they opened a bunch of selfies hoping to find nudes
— Jane McGonigal (@avantgame) December 4, 2021
“The hacker changed my Gmail settings to mark all security messages from Google as spam, so when I checked my spam folder that’s where all the security alerts went while they were hacking me,” she says.
A Google spokesperson told The Verge that the company was investigating the claim. It is not clear whether the phone was intercepted upon arrival or before delivery at the repair facility, or whether someone at the facility took the phone and claimed it had not been delivered.
Google recommends backing up and then erasing a device before sending it in, but McGonigal notes this isn’t something that always can be done.
“A consumer can’t factory reset a phone that won’t turn on,” she notes. “I took every other recommended step to secure it including Lock my Phone and Erase my Phone via Google’s FindMyPhone service. It did not work.”
The Verge says this is one of two such cases it has been alerted to, and notes that it’s not the only time something like this has happened: Apple paid millions to a woman in June after repair technicians posted her nude photos to Facebook. At least in this case, McGonigal’s experience has resulted in some positive change.
“Pixel Support and Google Security have been extremely helpful today I am happy to report,” she says. “The best thing to come out of this is there will be added security instructions for people who cannot factory reset their phones due to phone damage. This is good and should help a lot.”
Image credits: Header photo licensed via Depositphotos.