Presse-Informationen
c't

  1. Heise Gruppe
  2. Presse-Informationen
  3. c't

c’t Exclusive
Amazon Sends Alexa Voice Records to Random Customer

Hannover, 20 December 2018 – Due to an internal error, Amazon recently sent 1,700 Alexa voice files to an unauthorized customer. Specialist computer magazine c’t details what is probably the first reported case of an Alexa data leak in its 1/2019 issue, due for publication on December 22nd.

Hundreds of thousands of Alexa-enabled devices will find their way into our homes this Christmas, but the Alexa data leak uncovered by c’t might just spoil the fun!

Alexa’s fall from grace began when an Amazon customer made use of his right to personal data access granted by the new EU General Data Protection Regulation (GDPR). His request not only gave him access to his own Amazon search data, but also to around 1,700 Alexa voice files recorded in a stranger’s living room, bedroom, and shower! The vigilant customer informed Amazon of the error, but Amazon ignored his warning and simply deleted the files from their server.

Luckily, our source had saved the files locally and sent them (confidentially of course) to our in-house experts for analysis. Based on details such as the people’s names and local weather forecasts recorded in the files, our correspondent Holger Bleich was quickly able to identify the unfortunate Echo user whose data Amazon had illegally revealed. The victim was shocked when we told him what had happened, especially considering that Amazon hadn’t bothered to tell him, even though they knew the leak had occurred.

This data privacy disaster occurred because amazon.de saves Alexa voice recordings indefinitely and because the processes it uses to leverage them have serious security issues. This is the worst case scenario that data security and consumer rights experts have been warning us about. Holger Bleich says it is impossible to tell whether this really is an isolated incident as Amazon claims. Whether or not this is the case, it is clear that Amazon doesn’t adequately protect the personal data that Alexa collects.

To the press: Please contact us, if you would like to receive a PDF of the complete article in English.