Google has found itself in some hot water recently, as two different accounts of leaked and hacked personal information from Pixel phones sent in for repair have been shared online. The most prominent case involves author and game designer Jane McGonigal who says she sent her Pixel 5a to an authorized repair shop in Texas, only to have her personal information and private photos exposed to a hacker.
According to McGonigal, when she sent back her Pixel 5a, Google never confirmed that it received the device and charged her for a replacement device soon after (a charge she’s since been refunded). However, FedEx’s tracking confirmed that the phone did arrive at the repair facility, and that was even more evident once McGonigal noticed what was going on.
On Friday, she noticed that Google’s missing phone feature was used to disable two-factor authentication on the device, after which her Gmail account, Google Drive, and Dropbox were all accessed. According to her account’s logs, the hacker was sifting through her accounts for explicit photos, with McGonigal noting that photos they accessed “were of me in bathing suits, sports bras, form-fitting dresses, and of stitches after surgery.” The hacker was even smart enough to mark security alerts from Google as spam so McGonigal wouldn’t see them in her inbox.
also to be clear I have been on Google support and Pixel support dozens of time all week BEFORE the hack happened, asking them to investigate why my phone marked delivered by FedEx 'disappeared' at the warehouse. At any time someone could have offered me any security advice?!
In addition, McGonigal says she had been in touch with Google’s support lines “dozens” of times inquiring about why her phone seemingly disappeared from the repair shop. At this time, it doesn’t seem like she’s received any resolution.
In a statement emailed to The Verge, a Google spokesperson confirmed that the company is “investigating this claim.” However, no further information was given, and there’s no indication as to whether McGonigal has gotten any details on her own.
A second case that popped up before McGonigal’s was detailed in a now-deleted Reddit post, as reported by Android Police. According to the user, a hacker had taken advantage of a Pixel sent in for repair and decided to leak nude photographs of him and his wife. The explicit images were then uploaded to the hacker’s social media and caused a great deal of disarray in the user’s personal life.
Most notably is the location where this device was sent: Texas. The user says the Pixel could be found using Find My Device, and there were multiple logs from his accounts indicating the device was still in the Lone Star State. The hacker even stole money from him by sending someone $5 through PayPal.
It’s hard to tell whether both of these incidents occurred at the same repair shop in Texas, but it’s hard to imagine that’s not the case. The chances of this happening twice in the same state but at different repair shops seems impossible, so Google might have an easy time pin-pointing the facility in question.
Still, it’s incredibly concerning for anyone who needs to send their device in for repair. Google notes that you should factory reset your Pixel before sending it in, but sometimes that’s impossible due to the severity of the repair needed. It seems that neither party had done that, although it doesn’t seem like either could due to the extent of the damage of their phones.
This isn’t the first time something like this has happened to someone’s phone. Back in 2016, a woman had sent her iPhone to Apple for repair, only to have her nudes posted to Facebook soon afterward. This past June, the company wound up paying the woman millions of dollars during a settlement. It seems that the two parties who suffered similar circumstances are interested in lawful justice from Google. especially the Redditor who outright asked “What are my options here for suing Google?”
What the conclusion of either of these cases will involve remains unclear. So far, there’s been no updates from either party, and Google’s only confirming its “investigation” of McGonigal’s incident. We’ll have to wait this one out to see what happens next.
If you do need your Pixel repaired, your best bet might be sending it to an Asurian (formerly known as uBreakiFix) location which are authorized to fix your phone using genuine parts. They have a much larger reputation and seem to be a bit more trustworthy than whatever shops Google has in Texas.