After attempting to access his own voice history per GDPR rules, an Alexa user in Germany suddenly found he was able to listen to some 1,700 voice recordings from a stranger via a link sent by Amazon. The company is chalking up the security snafu to human error.
“This was an unfortunate case of human error and an isolated incident,” an Amazon spokesperson said in a statement provided to TechCrunch. “We have resolved the issue with the two customers involved and have taken steps to further improve our processes. We were also in touch on a precautionary basis with the relevant regulatory authorities.”
The Alexa user who was mistakenly given access reported the error to Amazon, but didn’t hear back initially. Amazon deleted the files from the link, but not before he’d downloaded them to his computer. A man and woman can be heard speaking in the recordings, according to the report. A local publication that was given access to the files was able to determine the identity of the user based on details from the recordings.
This, of course, is precisely the kind of news Amazon is hoping to avoid, just ahead of the holidays. Alexa devices have been big sellers for the last few years, and they aren’t likely to slow down any time soon. The increasing prevalence of such connected devices, however, has continued to fuel concerns around these always-on recording (and in some case filming) devices.