It was deleted. Here is the OG Text:
"Ok so this just happened. Buckle up.<p>About a month ago my wife broke her pixel phone. It couldn't be turned on so we couldn't wipe it.<p>We contact Google and used the device care to get an RMA.<p>Today someone posted nude pictures of my wife and I to her social media accounts. They accessed her Google account and tried to lock us out. They used her PayPal to send someone $5 (a test probably).<p>How could this happen? Well Facebook and Instagram show logins from Texas. The old phone still showed on our find my phone app and it was in Texas. Guess where we sent the phone for RMA? The last ping from the old phone (which was today) was the same as the place we shipped it. The exact location down to the very building. Clearly they fixed the old phone and since it wasn't wiped, was still logged into her Google account.<p>I called Google and they basically said "woah that's fucked up we'll get back to you". We filed a police report but I don't expect they will do anything.<p>What are my options here for sueing Google? I know that sounds insane but this breach of trust and privacy is egregious. Hundreds of people have now seen my penis including our friends kids. It's really fucked up.<p>Any advice on what to do here?"<p>my big question is whether this phone is password enabled. also this stinks because i know the first comment is "well do a factory reset" but if the phone doesn't turn on, etc. then i don't believe that is possible (short of possibly ADP which is out of the reach of 99% of people)
I've worked in these contract cellphone repair/refurbishment facilities many years ago, the big warehouses where telecoms and manufacturers send these warranty phones to be triaged and repaired, and let me tell you, something like this is not surprising at all. Most of the people there did good work, but all it takes is one. Personally I'd never send my phone in to repair, and I'm skittish about buying any refurbished phones.
I read a history of the NSA recently [0], and what struck me is that every time the NSA's code-breaking techniques were invalidated, this was due to a US agent leaking secrets to adversaries. If the NSA cannot address every insider threat, why do we expect tech companies to be hermetically sealed?<p>[0] <i>Code Warriors</i>, Stephen Budiansky (<a href="https://www.penguinrandomhouse.com/books/236807/code-warriors-by-stephen-budiansky/" rel="nofollow">https://www.penguinrandomhouse.com/books/236807/code-warrior...</a>).
Last time I sent a phone into repair, I wiped and reset it, presumably so that techs could test it properly (broken screen and digitizer). I wish I didn’t have to; but when you’re logged into everything, your bank is there too, and your phone is the second factor in a lot of things, damn it’s too much of a risk.<p>I wish phones could boot into some kind of field tech/diagnostics mode where all aspects of hardware could be tested as thoroughly as needed. Maybe there exists one and I’m just ignorant?
I’ve taken my iPhone to a couple of repair shops. They always ask for the pin code and I always refuse and say it’s a work phone. Very much hoping the secure enclave works and my data has not left the phone.
The RMA instructions should include using android.com/find to lock and wipe an inoperable device if it ever gets turned on again.<p><a href="https://support.google.com/accounts/answer/6160491?hl=en" rel="nofollow">https://support.google.com/accounts/answer/6160491?hl=en</a>
This should be a reminder to the rest of us that IT and technicians are humans with human vices, and a large fraction of them will look at anything they can find. For every nude that gets posted online a thousand are added to personal collections. Unless they have someone looking over their shoulder or are in a hurry, they <i>will</i> scroll your photos for anything juicy.
I've lost a laptop in an airport shuttle with intimate pics on it once, and got worried sick.<p>After that life lession, I always made sure to have a veracrypt partition for this stuff. But a separate, offline device is better of course.
I used to work at a att store. This is common. One particular incident involved a ring of workers at multiple stores who had a shared Dropbox they would upload anything they found to. Any time you hand your phone over to underpaid 20 year old guys you should be erasing everything sensitive
How do you disable your old phones especially those those that do not work (due to shattered screen mostly) before giving them up for recycling or buyback?<p>I am always worried someone will fix and misuse my old phone.
These are the steps I take to repair my phone when it doesn't boot.<p>1. Remove phone case.
2. Desolder eMMC chip after looking it up which one it is online.
3. Put eMMC in old coffee grinder, grind away.
4. Buy new phone.
This sort of leaking is now a felony in most US jurisdictions, e.g. Illinois: <a href="https://www.criminaldefenselawyer.com/resources/revenge-porn-illinois.htm" rel="nofollow">https://www.criminaldefenselawyer.com/resources/revenge-porn...</a>
Flagged because the original post and its details were deleted. There's just a pointless conversation about whether you should contact a lawyer, which is literally the only thing this person should have done.
We need to educate people on how to secure the data on their phones so that even the manufacturer cannot reach it. And if that is not possible for a particular device, that should be clearly understood so people can make an informed choice about what smartphone they use.<p>Can't just tell people 'do not put nudes on your phone' because while it's good advice, it misses the point.<p>And, of course, whoever does something like this should be strung up by their toenails in the public square.
To be fair, when sending a Pixel for reparations, Google very clearly and explicitly asks to factory_reset the phone.<p>I personally didn't reset it when I sent my Pixel 3 to fix the charging port because my Pixel was fully encrypted.<p>All Pixels are encrypted by default as long as you have any kind of lock method enabled (PIN, password, shape...).<p>I don't really understand how this person got his files in cleartext and accessible.
Bit of a shame that this will go viral and we’ll never know if Google would have properly handled this on their own. I’d like to think yes but it’s tough to believe the crook’s first attempt at this was also the first time they were caught.<p>That said, I’m wondering if Google didn’t farm out their repair work to a 3rd party, leading to this situation.
The link offers no proof, but that's somewhat understandable (I wouldn't want to dox myself either after such an event). If the claim is true, I hope they find an appropriate way of broadcasting it with credibility.
I'm sick of people, so I'm not going to read the inevitable comments that are going to come. Look, face it, some people like taking nude photos of themselves and they like sharing them with their partners. There is absolutely nothing wrong with this. It's not their fault if something like this happens. People should be able to feel secure in the tech that they use, in the companies that they entrust their information with. It's a fuckload of bullshit victim blaming and I see it every time the topic comes up. I'm sick of it.
What would reddit be without heavy handed moderators deleting interesting and relevant comment replies? You can read a lot more of the discussion here:<p><a href="https://www.reveddit.com/v/legaladvice/comments/r632w5/sent_my_phone_to_google_for_replacement_they/?ps_after=1638337537" rel="nofollow">https://www.reveddit.com/v/legaladvice/comments/r632w5/sent_...</a>
Somewhat related, but not long ago my Macbook had a bulging battery issue and the Apple just flat refused to service it under warranty because I would give them the credentials to unlock the bios. The "genius" told me "but you leave your keys when you drop your car at the garage!".<p>I had to send the computer across the country for corporate IT to wipe it before getting it serviced, for a battery replacement..
Normal link<p><a href="https://www.reddit.com/r/legaladvice/comments/r632w5/sent_my_phone_to_google_for_replacement_they/" rel="nofollow">https://www.reddit.com/r/legaladvice/comments/r632w5/sent_my...</a>
Post has been deleted. Can somebody explain what happened exactly? I have a hard time believing Google posted nudes on social media and stole money from him.
Even worse: Never lend your google phones to friends. If they hard reset the phone before handing it back to you, Google will refuse to reactivate them. I exhausted every option with their support and am left with a $800 brick.
[dubious - discuss]<p>There's a few things that make this pretty unlikely. Google doesn't triage or repair the phones themselves, they contract it out just like everyone else. And the people they contract it out to almost certainly have procedures in place which are meant to ensure that neither the devices themselves nor the data on them get out.<p>I'm not saying it's false, but I would definitely take it with a grain of salt.<p>That said, before you send any devices in for repair, you should wipe them to the best of your ability. Also, you should set a secure password (PIN, pattern, etc) - even if you set your device to not lock, you can encrypt/require password on startup, which would prevent the repairperson from <i>seeing</i> the photos much less posting them.
Not here to victim blame, but just point out some things to help others in the future.<p>1. Use a password and encryption
2. If you can still turn on the device, wipe it before you send it off for an RMA.
3. If you can't access the device, login to your account online and remove access to it. You should do this even after you wipe it.
4. Save everything sensitive on removable storage medium by default.