Data Centre

Cloud

OK Google: A stranger with stash of pirated films is spamming my Google Team Drive

For the love of cloud, don't click on anything

By Andrew Orlowski

65 SHARE

Google seems powerless to stop its Google Drive file sharing service being exploited by a spammer who has linked other users to their stash of pirated movies, among other dubious files, users have complained.

Team Drives is part of Google’s G Suite offering, aimed at businesses, education and other professional organisations. It allows administrators to create a shared drive, controlling access.

But for weeks, Team Drive users have found themselves joined to a public #huyannet Team Drive. Google was alerted six weeks ago but has been unable to come up with a fix and extract #huyannet and its files from legitimate paying users’ workspaces.

The public #huyannet space contains terabytes of copyright infringing material. New additions caused storms of spam with legitimate users who have unwillingly been joined to the unwanted drives.

Team Drive user Simon Worthington, who alerted us to the failure, told us he was dismayed by Google’s response, and said it lacked the appropriate procedures to remove the offenders.

“Google have no process for a Team Drive recipient accepting access to a share, the recipient can only remove themselves after (which is bad in itself),” he told us. “But to make matters worse in this instance, spammers are able to add those email addresses to a distribution group within the Team Drive, so you can't remove yourself from the share.”

In the official support forum, one #huyannet victim wrote:

“I received a spam email days ago notifying that I was added to this spam drive, but simply deleted the email and didn't think twice about it, until I just noticed it in my drive. “

The person added: “Let's hope Google 1) deals with these obvious movie pirates that are storing terabytes of copyrighted movies and tv shows on their servers, and 2) gives users a method to remove themselves from spammed team drives, and 3) comes up with a method to prevent spammed team drives from automatically showing up in Drive - you should be required to verify that you would like to join. “

Another exclaimed:

“Why is it impossible to Block a Spammer from sharing a doc to my Drive??”

Incredibly, once a third party has been unwillingly joined to #huyannet, they are unable to remove it.

“I suspect the obvious fix for them breaks things elsewhere, which is why they can't deploy it,” Worthington speculated.

We have asked Google for comment and will update this story when it gets back to us.

Google Drive Help Forum "top contributor" David King told users at the weekend: "I've escalated this issue as a priority to the Drive community manager. I understand this will be a confusing and frustrating experience – all I can advise from reading your reports is not to click on or open any files."

Indeed.

Not a great advert for Google – or the cloud. ®

Sign up to our NewsletterGet IT in your inbox daily

65 Comments

More from The Register

FYI: Drone maker DJI's 'Get it on Google Play' website button definitely does not get the app from Google Play...

Updated Quadcopter slinger rudely palms folk off to .apk download

Latest Google+ flaw leads Chocolate Factory to shut down site early

52.5 million accounts at risk, tens of people are worried

Here you go, cloudy admins: Google emits NATty odds 'n' sods

Google Cloud Next Incremental titbits aimed at time-poor techies

Google's secret to a healthy phone? Remote-controlling your apps

Look Ma, no not much malware!

Thanksgiving brings together Apple's Siri and Google Assistant

A divided tech nation embraces, uncomfortably

Comparison sites cry foul over Google Shopping service

Original complainants say pay-to-play remedy has left them in the cold

Google: I don't know why you say Allo, I say goodbye

Sidelined messaging app given end-of-life date of March 2019

EU Android latest: Critics diss Google's money-spinning 'cure'

You shouldn't profit from punishment

Surprising no one, Google to appeal against European Commission's €4.34bn Android fine

We'll just take our time here

Google Project Zero zeroes in on Google project: Security hole spotted in gVisor sandbox fence

Horn flags up flaw that can be exploited to breakout out of software containers