Brand-authorized service repairs are generally considered to be a safe space when talking about personal data stored on the device, but maybe they’re not. Popular game designer and author Jane McGonigal faced a rather unpleasant situation after she found that private photos on her in-warranty Pixel 5a had been accessed while the phone was sent for repair.
Jane tweeted her horrifying experience stating that her online accounts, including Dropbox, Gmail, etc. had been compromised. “I can see from activity logs they opened a bunch of selfies hoping to find nudes,” she wrote.
First reported by The Verge, Google is now aware of the said incident and confirmed that it’s investigating the issue. Jane later tweeted that she learned from unofficial sources that “Google is looking into it and it’s getting escalated.” However, as of now, she hasn’t got any official update from Google nor whereabouts of the missing device are known.
She mailed the device for repair in October but never got it back. Instead, she was charged for a replacement unit in the coming weeks which was refunded. Back then, Google told her it didn’t receive the device but the FedEx tracking details confirmed that the device reached the repair facility.
Later, she found that someone tried to remove two-factor authentication and access her accounts. According to a Google spokesperson, it’s yet to be known whether the device was intercepted at the repair facility or while in transit.
Earlier this year, Apple ended a multi-million dollar settlement with a woman whose explicit photos were leaked by two iPhone repair contractors at Pegatron’s California facility.
With the device out of the user’s reach, there can’t be a 100% guarantee that their data is landing in safe hands, even in the case of in-store repairs. Hence, it’s always advised to backup and erase the device before sending for repairs, which is also mentioned in repair guidelines of various companies, including Google and Apple.
However, as Jane pointed out, that may not possible in every case. “A consumer can’t factory reset a phone that won’t turn on. I took every other recommended step to secure it including Lock my Phone and Erase my Phone via Google’s FindMyPhone service. It did not work,” Jane said in another tweet.
In a rare sight, those who can repair devices on their own are the only ones who can take a breath of relief. Still, you can add an extra layer of security by using features like Google Photos locked folder to store sensitive images.
The news follows a recent report of user data being compromised during a Google repair. Moreover, it comes at a time when the Right To Repair movement is gaining traction across the globe. Recently Apple announced that it would offer self-service repair kits for its devices that tech-savvy users can leverage.