Google resolves major privacy issue | Official Website of Louis Velazquez, entrepreneur, finance guy and tech innovator

Does Google care about your privacy?

It’s hard to say, considering that the most popular search engine in the world has about 99,000 search queries processed every second, which amounts to about 8.5 billion searches daily.

With so much data in your hands, it’s hard to control all of it and not use it in any way. The data includes the user’s browsing history, location, personal information, audio input, video views, and even information from other apps and websites that use Google services.

💵💰Don’t miss the move: Subscribe to TheStreet’s free daily newsletter💰💵

This is a business model that harnesses user data to serve targeted ads. It’s what the company does, right?

While this is true, the company has faced massive scrutiny over the years for various alleged privacy violations.

The tech giant faced multiple lawsuits and fines in relation to its privacy practices, writes Cotw. In 2012, it was fined $22.5 million by the Federal Trade Commission for violation of user privacy on Apple’s Safari browser.

In 2019, it had to pay a €50 million fine to France’s data protection authority for transparency problems regarding its data collection practices.

In 2024, the company agreed to eliminate billions of data records to settle a lawsuit alleging it tracked people who thought they were browsing privately, including those in “Incognito” mode.

And sometimes the company just makes a mistake, completely unintentionally. Fortunately, a new bug was revealed and reported on time, allowing Google to act before the issue exploded.

Hackers can steal private recovery phone numbers to access users’ bank accounts.

Image source&colon; TheStreet/Shutterstock

Google resolves defect that could reveal users’ private phone numbers

An independent researcher discovered a bug that could be used to find the private recovery phone number of almost any Google account without the owner’s knowledge or permission.

The researcher, operating under handle Brutecat, informed Google about this important security risk in April.

“This Google exploit I disclosed just requires the email address of the victim and you can get the phone number tied to the account,” Brutecat told The Register.

Obtaining a private recovery phone number can make Google accounts vulnerable to targeted attacks, such as takeover attempts. It could enable skilled hackers to more easily take control of that phone number with a SIM swap attack.

What is a SIM swap, and why is it important?

SIM hijacking happens when a customer’s phone number is transferred to a different SIM card or eSIM profile under the control of a criminal.

If the attack is successful, “the criminal may intercept the customer’s phone calls and text messages to receive one-time security codes from social media, banks, credit card companies, cryptocurrency exchanges, and other financial institutions, allowing them to potentially access those accounts and cause financial and reputational harm to the customer,” writes Verizon.

More Tech Stocks:

Fortunately, though, Google confirmed to Tech Crunch that it has fixed the bug.

Google awards the researcher who reported the bug with just $5,000

According to the researcher who reported the bug, Google was quick to resolve it, but Brutecat highlighted that the award suggests the tech giant didn’t consider the issue as serious as it is.

“Google was pretty receptive and promptly patched the bug,” the researcher said, according to The Register. “By depreciating the whole form compared to my other disclosures, this was done much more quickly. That being said, the bounty is pretty low when taking into account the impact of this bug.”

Under its bug bounty scheme, Google awarded Brutecat with $5,000.

“This issue has been fixed. We’ve always stressed the importance of working with the security research community through our vulnerability rewards program and we want to thank the researcher for flagging this issue,” Google spokesperson Kimberly Samra told TechCrunch. “Researcher submissions like this are one of the many ways we’re able to quickly find and fix issues for the safety of our users.

Samra also noted that the company has not found any “direct links to exploits at this time.”