Amazon sent private Alexa audio recordings to a random person

James Marshall
December 23, 2018

Due to human error, a German user of Amazon Alexa received access to more than one thousand voice recordings created by someone else.

The man heard on the audio files was identifiable through the information on the Alexa recordings and contacted by the German magazine. "We have resolved the issue with the two customers involved and have taken steps to further improve our processes", an Amazon spokesperson told The Verge in a statement. Later, he contacted a German publication C't, as he got concerned for the user. Back in May, an Amazon Echo mistakenly recorded a Portland family's conversations and then sent them to a person in their contacts list without their knowledge. By the time Amazon realized the mistake and cleaned the download package, the customer had already downloaded all the files. Those who have been viewing voice commerce as a high priority, and have been emphasizing voice application development ahead of other projects are unlikely to slow down, with the base of smart speaker device users still growing at a double-digit rate. Additionally, Amazon has been working with authorities, such as the European Union's General Data Protection Regulation administrators, to prevent future data leak incidents, Business Insider reported.

Besides sending someone's private recordings to a complete stranger, Amazon made it worse by not replying to the man who had received the recordings. When he unzipped the files, he discovered that the folder not only had information pertaining to his everyday Amazon searches but it also had around 1,700 WAV files and a PDF which contained transcripts of Alexa's interpretation of voice commands.

Imagine you have Amazon Alexa-enabled speakers all over your house.

This isn’t the first time an Amazon user received recordings of someone else.
Elaine Thompson  AP
This isn’t the first time an Amazon user received recordings of someone else. Elaine Thompson AP

Steve Kuncewicz, a partner at law firm BLM said that it was "quite embarrassing" for Amazon but the fact that it only involved the data of one person meant the regulator might "take a pragmatic approach". There were also alarms, Spotify commands, public transport and weather inquiries.

It's not an Alexa bug, but "a human error" made by the company, Reuters explains.

Amazon did not answer Gizmodo's questions about how a human error led to this privacy infringement, or whether the company had initially contacted the victim to inform them their sensitive information was shared with a stranger.

Other reports by

Discuss This Article