Google's mail-in Pixel repair service reportedly compromised photos and accounts

Google is investigating.

Terrence O'Brien/Engadget

Rogue repair staff aren't limited to any one company. According to The Verge, author and developer Jane McGonigal said her internet accounts were compromised after she mailed her Pixel 5a to Google for service. The intruder accessed Google services, Dropbox and another email account, McGonigal said, and activity logs indicated access to semi-revealing photos in an apparent attempt to "find nudes."

McGonigal noted that this happened long after her phone seemingly vanished from Google's facility, and despite efforts to wipe the phone and lock it using Google's system. She couldn't turn the phone on as she normally would to perform a reset. The perpetrator, meanwhile, took pains to cover their tracks by marking Google security alerts as spam and even deleting those notices in backup email accounts.

Google has confirmed that it's "investigating" the claim. McGonigal heard the same through unofficial sources, but hadn't been contacted as of this writing. This is the second such report in two weeks.

The allegation highlights the problems with mail-in service. You can't always trust that technicians will respect your privacy, and it's not always certain that you can scrub your data. Retail support is no guarantee, either. Short of knowing a technician you can trust, the only surefire solution is to fix a device yourself — and that isn't practical for many people.