When you send your phone to an authorized repair service to fix whatever is ailing it, you trust that said service would be trustworthy and protect your device from any security breaches. But it looks like at least two reported incidents have said that their devices were hacked and that whoever did so accessed their files. In one incident, the hacker was able to find “nudes” and used them to extort money from the user. In the other incident, the user noted that the nefarious individuals accessed her files trying to find photos and files that she suspected will be used to get money from her as well.

The first report was from an anonymous user in a legal advice subreddit. He says that his wife’s Pixel was sent back to Google for replacement through an RMA. They could not turn it on and wipe the device. But somehow, someone was able to “fix” it and then posted some nude photos of the couple on their social media after accessing her Google account. They also used her PayPal account to send $5 to someone, but this was probably just a test run. They were able to trace that the phone was in Texas, the same state where they sent the phone for a replacement.

The posts have since been deleted so Android Police was not able to get in touch with the user. But another Pixel user, this time a kind of prominent one, posted about her own experience. New York Times best-selling author and game designer Jane McGonigal shared a similar experience. Her Pixel phone that she sent in for repair reportedly “disappeared” but her Gmail and Dropbox accounts were accessed. They did not find any nudes but they did try to hide their footprints. She has been unable to erase and lock the device remotely through the Find My Device tool.

The ideal situation would be to factory reset a device when you send it for replacement or to have more security tools turned on when sending it for repair. But of course, there are cases when the phone is not working at all so you are not able to do any of that. But the fact that these breaches happened while under the care supposedly of Google or its authorized contractor is worrying, even if they may be isolated incidents. McGonigal’s breach also happened in Texas by the way.

Google has not issued a statement just yet about these incidents. McGonigal has asked those who want to start a class action lawsuit against Google to contact her. While the reddit posts have disappeared, the OP did post in the legal advice subreddit so they were probably thinking of suing as well.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.