
Ask HN: Mom Sent a TON of personal info to WRONG gmail account. Any options? - jasminesky
Hi,<p>I am reaching out to the HN community for help.<p>About two hours ago my mother sent a TON of personal information from her company email to her newly registered gmail account. But she misremembered the username and now a lot of her, my dad's, and my personal information is sitting in some stranger's inbox.<p>I'm talking about passport copies, ID cards, diploma copies, medical information etc.<p>Yes, it was perhaps stupid to have that stuff in any email at all, but she made a mistake and I didn't know about any of this until she called me in panic half an hour ago.<p>Can you PLEASE help us? I wrote some stuff on a gmail froum. I sent an email to google (got back autoresponder). I also emailed the stranger's gmail asking for a deletion in 3 languages.<p>But all that is very unlikely to get any attention and it's hard to stop worrying when you are an open book to a stranger.<p>Can you please help me get in touch with Google and try to find a definite solution to this? Or any other recommendations?<p>Thank you sincerely,
Jasmine
======
jcr
Actually contacting someone at Google is notoriously difficult, and
unfortunately, it's intentionally difficult. At their scale, there's no way
Google could provide support for all the countless billions of people using
their services.

In some ways, Google is fairly bad about following standards. On normal mail
servers, if you send to a non-existent address, the server will reply to let
you know about your mistake. Google doesn't do this. The reason they don't has
something to do with their spam handling, and the costs of spam handling, but
it's still against the conventions of email to not let people know that the
address they used doesn't exist.

If you are really lucky, the wrong address your Mom used does not exist, and
the message she sent was never saved or seen.

The only way you could test if the account exists is to try registering the
mistaken address.

Well, I've possibly lied a little bit; Google supposedly saves everything,
including spam, so even if the email could not be delivered since the address
doesn't exist, google may still have a copy of the message sitting somewhere.

If the mistaken address is actually real, then attempting to track down and
contact its owner might be helpful. The odds of success are bad, but it can
sometimes work. Call me overly optimistic, but I like to believe most people
are good and would help you out.

Good Luck!

~~~
benologist
> At their scale, there's no way Google could provide support for all the
> countless billions of people using their services.

Google does not deserve such charity - plenty of companies with far more
customers have figured out how to support them, Google explicitly _chooses_
not to.

Fedex, UPS, DHL, Apple, Facebook, Twitter, Microsoft, Amazon, eBay, Wal-Mart,
Pizza Hut, Dominos Pizza, MacDonalds, KFC, Burger King, Subway etc, just off
the top of my head.

You can literally talk to United Airlines, one of the most incompetent
companies in the world, and get a response and resolution.

~~~
notahacker
A single ticket on United costs far more than I'll ever pay for the gmail
service I use on a daily basis - this might well be true even if you take into
account revenue from ads I click on. Facebook aren't exactly known for being
responsive to this sort of customer problem either.

~~~
benologist
Google's worth 40 times what United is so obviously their margins are just
fine.

~~~
devonbarrett
Or there market is much greater?

~~~
benologist
Either way they are making more money than most companies and choose to
provide less support than shitty companies.

------
benologist
My recommendation is to relax and think about how incredibly unlikely it is
that that information went to the tiny, tiny, tiny, tiny, tiny subset of
humanity that can and might use it against you.

If you are really concerned you should research the recovery process for
affected customers when companies are hacked and lose massive and broad sets
of customer information.

You should not bombard them with scams and spam to get your mom's old email
blacklisted, that is an overreaction and most likely you will just cause the
other person inconvenience.

------
batman1231049
Send a few more emails from the same account with obvious scam-attempt
material.

E.g. You've been selected as our daily winner. You will be rewarded a brand
new Apple Phone 5!! Visit here to claim: <insert fishy URL>

Maybe they'll notice all the others from the same account and mass delete them
all without opening the rest.

~~~
jasminesky
Wow that is a very original idea! Some risk of pissing off the person if they
have already read my email asking for a deletion. And they would know my mom's
company as it all came from that and complain or something. Worth the risk you
think?

~~~
jcr
I'd try being polite first. Though spamming the account _might_ work for
getting everything sorted as spam, it does not delete the problem message and
it will anger the account owner. If someone made a simple mistake of sending
you something, and then bombed your account, you'd be rightfully angry.

If you want help trying to track down the owner of the account, contact me
privately (email in my profile).

------
logn
Take the email address and search on Facebook, LinkedIn, various blogs, etc.
At the least you could be re-assured if the person looks like an upstanding
citizen. And if you reach out on a trusted social network, the person might
actually respond. It might also send a "I know who you are" type of message.
But don't be too persistent, you're probably just freaking the person out. And
if you upset this person, well they have your info.

Also, go ahead and get set up with an identity theft monitoring service.
You'll know the instant a new credit line or address change is made.

Like others have said, the vast majority of people have no interest in
identity theft. You realize that as a manager I have access to hundreds of
applicant's passports, driver's licenses, etc.? You know how many people see
your social when you apply for a mortgage? Ever considered how many average
restaurant servers could steal your credit card number?

Anecdotally, I sold my car to a dealership which years later I realized had my
social security card and birth certificate in an obscure compartment in the
car. Probably the worst documents to lose. Nothing came of it.

------
sebkomianos
I upvoted and tweeted about this just so we raise the possibility that you get
a good solution to your problem.

Even if you manage to reach Google and they somehow delete that one email from
that guy's inbox, how can you know that he hasn't already saved the
information? So, instead of trying to solve this from the gmail side, why
don't you look at the other one? Contact your bank, let them know and have
your card numbers and passwords changed, start the process of getting a new
passport maybe and in general "protect" yourself by making the information
that guy has useless.

But I agree on the "relax" part too, I mean, how many of us would take such an
email seriously? Chances are he/she thinks "Oh, those Nigerian Princes are
advancing their techniques..", laughs at it and marks it as spam.

If it reaches someone, that is - and it's quite possible it doesn't.

But, yeah, my advice would be to let everyone know and eventually make all
that information useless.

Good luck and let us know if something happens! :)

~~~
jasminesky
thank you and all others.

my family is all in different countries so the passport renewal situation is
difficult at the time. but we will definitely do that asap. finances are less
of a concern, no CC info was passed along - it's more being prone to ID theft.

about the inbox, well in an ideal world, we could make a case to google to
delete the emails. but the more realistic hope is to reduce the uncertainty in
the situation - is the stranger an active user or is it one of those dying
accounts? from which country?

anyway thanks all for the suggestions. i will try to communicate some of this
perspective and optimism to my mom over the phone.

------
Donito
Did you try creating a new gmail account with that email? If you succeed, it
means no one ever received those documents :)

~~~
jasminesky
unfortunately it's taken and even tied to a backup AOL email (i clicked the
"forgot my password" just to see if there'd be some number or alternate email.
the AOL email is shown, but only as i __ __*l@aol.com.

------
bosky101
I'd also suggest searching her sent mail to see if any previous mails have
been sent to the said id.

but i agree with other comments here, and wouldnt worry 'too' much.

maybe you can send a kind mail informing of what happened, and request to
delete the same.

~B

------
JoachimSchipper
This is _less_ dangerous than your mom losing a folder with all of that stuff
in the train. Which would be worrying, but not "in a panic" worrying. As
others have said, relax.

(In case this is the question you were asking: there's no reliable way to hack
into any of the major e-mail providers that I know of. Getting access to
another's account is highly unethical, not to mention illegal; it's unlikely
to reduce the number of problems you have, especially if the risk is less
"caught for being a foreign spy" and more "identity theft".)

~~~
UnoriginalGuy
> there's no reliable way to hack into any of the major e-mail providers

I'd argue that the "forgotten password" forms on most major e-mail providers
is a trivial way to hack them.

In particular if you can research someone. Like if you can cross-check the
e-mail address in google, then find a Facebook, which gives you more info
which you can leverage again for yet more...

Obviously unethical and illegal. But reliable.

~~~
JoachimSchipper
Hardly reliable, not everyone puts everything on the web/Facespace.

I deleted that paragraph before posting for a reason; you may or may not want
to consider that next time.

------
Jemm
Send an email to the erroneous email address you sent to originally. Say that
you are recalling the previous email, that the email was sent in error and ask
the recipient to keep the contents confidential, delete the email and any
copies of the information contained in the email.

Word it nicely but firmly.

I am NOT a lawyer, ...

------
japhyr
If I received this email, I would probably delete it immediately. I probably
wouldn't reply to any follow up messages either, I'd just delete those as
well.

No advice here, just letting you know what I would have done if I were the
recipient.

~~~
Scriptor
Just curious, why wouldn't you respond?

~~~
pasbesoin
In the U.S., at least, there are many contexts (speaking very generally) where
an acknowledgement de facto increases your risk.

One being that it can provide the pretext for legal action, such as a lawsuit.

Even if you've done nothing wrong, this can impose a significant burden upon
you. And, given our legal system, there's no guarantee you'll come out
vindicated -- or whole (e.g. financially), even if you "win" and are
"vindicated".

P.S. And so, by extension, some people decide that if they do not understand a
context and its implications, the best default action is to forego
acknowledgment of it unless compelled.

------
borplk
Just relax. The chances of some random email address's owner being an identity
thief is incredibly small. Not everyone is capable of abusing those documents.

