Alexa, Amazon’s virtual assistant, accidentally shared 1,700 recordings of a stranger with an Alexa user.
While reading up on voice and virtual assistants, I came across this news and researched further.
Apparently, back in August, a Germany based Amazon.com customer, under the alias Martin Schneider, used the priviledges granted to him under the European Union’s General Data Protection Regulation (GDPR) to seek a copy of all the data Amazon had on him.
Fast forward some months later, he received a 100MB file which reportedly contains all the data Amazon had on him. When he unzipped the file, he found out that the file not only contained his information but also had about 1,700 WAV files (recorded files), none of which he could recognise and a PDF which contained transcripts of Alexa’s interpretation of voice commands.
Thing is Martin Schneider owned no Alexa enabled device. He then reported to Amazon to inform them about the error, but to no avail. Upon sharing the story with German magazine, an analysis was performed and an informative picture was drawn figuring out his personal habits, devices he owns, taste in music, even the identity of his girlfriend.
As it turns out, both the men had filed a request under the GDPR, requesting Amazon to provide them a copy of their data. However, an Amazon-employee accidentally send the wrong data to the wrong person. The company later called both the men explaining them the situation.
Note that is not the first time that Amazon has been caught in such a spot. Earlier this year, Alexa accidentally sent a recording of a Portland-based man and his wife to the man’s colleague sitting far away in Seattle. Amazon later explained that Alexa that the situation was a part of a glitch where Alexa misunderstood the conversation as a command and sent out the information.