In a story that is sure to make you think twice before spilling secrets over Gmail ever again, a (now former) Google employee abused his position as a Site Reliability Engineer (SRE) to access and abuse information from at least four user accounts.
The accounts were those of teens in his area, both male and female, who were from a Seattle technology group that the offender was previously a part of. Sources close to the story claim that the actions of the former Google employee, David Barksdale, were not sexual in nature.
According to the quote from an initial source: “My gut read on the situation was that there wasn’t any strong sexual predatory behavior, just a lot of violating people’s personal privacy.”
Barksdale accessed chats, emails, Google Voice data, including phone numbers, and other pieces of private information that he often used to taunt and harass his young acquaintances. In one case, when one teenage boy refused to tell him the name of his new girlfriend, Barksdale accessed his information, found her name and phone number, and threatened to call her.
Mr. Barksdale has since been fired. Parents of the children complained to the company about his actions which led to his termination. Both Google and Barksdale are being quiet on the matter, both parties not looking for extra publicity.
How did Barksdale have access to so much information which should have been private? Google SREs are responsible for troubleshooting user problems, meaning that they often have to have the ability to view and interact with accounts at all levels. There is an assumed level of trust that the SREs will not abuse their power, but it is now clear that there are very few controls to stop a rogue SRE.
If nothing more, the Barksdale situation will bring light to the SRE situation; we can only assume Google will take major steps to play down the negative press the company will receive from this story. No more is known at this time, but if you have any information on the matter, you know where to send it.