Sometimes, game leaks are dramatic, unpleasant things—like the disturbing Insomniac hacks that happened late last year, revealing developer's private information due to a ransomware group. More often than not, however, they occur for simple, hindsight-stupid reasons, as recently-leaked documents from Google reveal.
A recent report by 404Media states that Google—which has owned YouTube since it bought the site in 2006—experienced a dearth of privacy hiccups from "2013 to 2018". The site obtained a copy of an "internal database which tracks six years worth of potential privacy and security issues." Google's later statement provided to 404Media implies that the database was indeed accurate.
Among "thousands" of other incidents, the report indicates that a "Google employee accessed private videos in Nintendo's YouTube account, and leaked information ahead of Nintendo's planned announcements." 404Media later linked this entry to a leak posted on the Nintendo subreddit in 2017.
The post itself shares a phone picture of a webpage carrying the "admin" prefix, indicating that the page was accessed on Google's internal systems. The game in question is titled "Yoshi for the Nintendo Switch", later released as Yoshi's Crafted World in 2019.
A new Yoshi game (probably Woolly World 2) is going to be announced for Switch from r/nintendo
The original poster, who has since deleted their account, wrote: "My friend works at Google and he sent this photo to me. It's a video that's already on the Nintendo channel and is going to be in public after the reveal."
Shortly after it debuted, a Google employee flagged the leak, which revealed the game "well ahead of Nintendo's public E3 announcement". 404Media's follow-up also adds that the leaker was a TVC—a "temporary vendor contractor".
This bolsters the idea that many videogame leakers get their info from private YouTube videos—which aren't accessible unless you're in charge of the channel or, naturally, on Google's payroll with certain privileges and loose lips. Someone shares details with a buddy they think they trust, and suddenly you've sprung a leak if you choose to put your trailers on YouTube which, let's face it, you're going to do.
The Yoshi leak in particular is fairly innocuous—however, 404Media's report also highlights some more harmful examples of security breaches. These include accidentally recording children's voices, as well as exclusion software failing and accidentally creating a "database of geolocated licence plate numbers" in Google's internal systems, via Google Maps.
Writing to 404Media, Google stated: "At Google, employees can quickly flag potential product issues for review by the relevant teams … The reports obtained by 404 are from over six years ago and are examples of these flags—every one was reviewed and resolved at that time. In some cases, these employee flags turned out not to be issues at all or were issues that employees found in third party services."
I'm not particularly interested in rushing to Google's defence, here—these leaks aren't great—but in the interest of fairness, this serves as a reminder that nothing you do online is ever truly private or 100% secure in general.
The infrastructure of the internet is so entangled in errors that're both technological (such as those filters failing) and human (sending videos to your mates) that you can never really be sure everything's under lock-and-key. Even if you believe in the veracity of Google's commitment to security practices, you shouldn't assume everyone involved is doing the best job they can because, as determined by the US Government recently with Microsoft, sometimes they really aren't.
