After attempting to access his own voice history per GDPR rules, an Alexa user in Germany suddenly found he was able to listen to some 1,700 voice recording from a stranger via a link sent by Amazon. The company is chalking the security snafu up to human error.
“This was an unfortunate case of human error and an isolated incident,” an Amazon spokesperson said in a statement provided to TechCrunch. “We have resolved the issue with the two customers involved and have taken steps to further improve our processes. We were also in touch on a precautionary basis with the relevant regulatory authorities.”
The Alexa user who was mistakenly given access reported the error to Amazon, but didn’t hear back initially. Amazon deleted the files from the link, but not before he’d downloaded them to his computer. A man and woman can be heard speaking in the recordings, according to the report. A local publication who was given access to the files was able to determine the identity of the user based on details from the recordings.
This is, of course, is precisely the kind of news Amazon is hoping to avoid, just ahead of the holidays. Alexa devices have been big sellers for the last few years, are aren’t likely to slow down any time soon. The increasing prevalence of such connected devices, however, has continued to fuel concerns around these always-on recording (and in some case filming) devices.