Skip to main content

Google is ‘investigating’ reports of mail-in Pixel repairs leading to ‘hacked’ accounts, leaked photos

Smartphone repairs can be frustrating if you don’t live nearby a location that can handle the issue, and for many Pixel users, that’s exactly the problem they face. As such, mail-in repairs are a popular means of fixing broken Pixel devices. For a couple of users, though, that process has turned into a nightmare with mail-in Google Pixel repairs resulting in “hacked” accounts and more.

Two reports have surfaced in the past couple of weeks regarding Google’s mail-in process for repairing Pixel phones where the phones sent in were “hacked” with the Google account infiltrated and, in one case, private photos leaked to the public.


Update: Google has confirmed these privacy issues were not at the hands of the company’s own employees.


One case of this issue comes from game designer and author Jane McGonigal, who sent in a Pixel 5a to be repaired and found that someone was able to gain access to her Google account (including Gmail and Drive) as well as Dropbox. This also resulted in McGonigal’s photos “in bathing suits, sports bras, form-fitting dresses, and of stitches after surgery” being accessed. Apparently, the device was used to access email accounts and cover up tracks by deleting notifications that would have come from someone logging into these accounts.

The phone was sent to a repair facility in Texas. Making matters a bit worse with this story in particular is that McGonigal was told that the phone was never received by Google, and as such she was charged for her replacement device. The device was not reset before sending it in to be repaired due to the damage it had sustained, and McGonigal says that an attempt was made to reset the device using Google’s remote reset tool.

A significantly more worrying story, though, came out of a since-deleted Reddit post. The story, as Android Police archived, saw a user who sent in a Pixel repair to a Texas facility. That device was used to access the user’s Google account and social media accounts, with the real damage being done with the user’s nude photographs of the user and his wife being posted by the “hacker” to their own social media accounts. A small amount of money was also sent from the user’s PayPal account.

In that case, the phone was not able to be powered on and, thus, couldn’t be reset. It is very important to note, though, that this device did not have any form of screen lock set up, meaning there was absolutely no barrier to the malicious party accessing this data. Of course, a screen lock couldn’t be added before sending in either, given the device could not be turned on.

Google has since responded to these reports, telling The Verge that the company is currently “investigating” the claim. The company does, notably, recommend that users reset their device before mailing it in for a repair, but that clearly wasn’t possible in their cases. Alternatively, too, the company partners with Asurion locations (formerly uBreakiFix) for local repairs. Apple had a similar situation in 2016, where repair techs posted a user’s nude photos on Facebook. Just this year, that case ended with a multimillion dollar payout.

More on Google Pixel:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel