Translate.com Exposes Highly Sensitive Information in Massive Privacy Breach: NRK (Updated)
Update: On September 11, DataBreaches.net received a response from Translate.com, which appears at the bottom of this post.
Florian Faes writes:
How would you feel if your letter of resignation were posted online? Or sensitive parts of your employment contract? Or details of that M&A deal you have been working on with an investment bank? Thousands of people are about to find out unless translate.com fixes its website and gets in touch with Google to delete what must be millions of indexed pages containing highly sensitive data.
Translate.com’s website offers a free machine translation service powered by Microsoft Translator. Because the site’s highly coveted domain attracts heavy web traffic, thousands, if not hundreds of thousands, of unsuspecting users looking for quick machine translation found their confidential data exposed on the internet.
Read more on SLATOR.
DataBreaches.net reached out to Translate.com to ask for a response to the allegations, but did not receive an immediate reply. You can read how the company explained it to news outlet NRK on NRK’s site. Their alleged “solution” to the problem did not seem particularly effective, based on NRK’s testing and reporting.
DataBreaches.net also initiated a test, by going to Translate.com and entering the following text:
This is a test of an alleged vulnerability that exposes user data on Translate.com. Will I be able to find this query via a Google search?
The material was translated into Spanish, as requested:
Esta es una prueba de una supuesta vulnerabilidad que expone datos de usuario en desees. ¿Serán capaces de encontrar esta consulta a través de una búsqueda en Google?
Attempts to find either the English or Spanish text in Google have failed to produce results so far, but I will check for the next 24-48 hours and will update this post with results and/or a response from Translate.com should they provide one.
Update (Sunday): The test has not shown up in Google results – at least not yet. And Translate.com has not replied to my inquiry – at least not yet.
Update (September 11): Translate.com sent the following statement:
In response to your inquiry, Translate.com’s free, volunteer based, machine translations were not breached.
There are two versions of the Translate.com solution. The one in question, the free version, using various online translation services, also incorporated volunteer translators to review and correct translations. This “old” volunteer segment is now closed, and all translations involving volunteers have been removed. The online machine translations, which are still available for free, will no longer be saved.
If a client wishes quality and privacy, we recommend they use our subscription based, commercial grade Enterprise solution. Enterprise submissions are password protected. The translations are saved, and available only to our clients by signing into their account.
Translate.com’s Enterprise solution is proud of its growing network of over 40,000 on-demand, paid translators, who as a group are fluent in 90 languages. Our translators are required to execute ethics and Non-Disclosure Agreements.
We continue to take pride in the excellent work provided by our international team of translators on our Enterprise solution, and we encourage our clients to have renewed faith and trust in both our free and Enterprise translation services.