I use my phone camera to take pix of receipts for expense reports. I just add them to an Open Office doc, PDF it, and send it internally to our expense system. Quick and easy, never leaves the VPN so it's relatively secure.

Today a buddy sent me a link to his Picasa album. Because I was logged into G+, I also saw "my" Picasa interface. I didn't know I had a Picasa account.

There were all my pix of receipts, with my credit card number plainly visible on several of them.

I never signed up for Picasa, mind you. Apparently when I installed the G+ app to my phone, I agreed to let it post pix from my phone. I didn't know, or I missed that I also agreed to automatically upload EVERY SINGLE PICTURE I take to Google/Picasa. I was not aware of that, and would NEVER have agreed to do so had I been aware. I'm seriously pissed off. Some of those pix have been there for months.

I have no idea whether anyone had access to them, or if they're still on Google somewhere even though I deleted the album. Basically, I'm now calling my corporate card provider and asking for a new number and card. This SUCKS - all my airlines, car rental places, my cell phone provider and several other places direct bill my card. I'm going to have to go mess with probably a dozen or more accounts.

Now, to be fair - I have no doubt that this was user error, but I think I'm a relatively savvy user, and I generally read stuff pretty carefully when it comes to sharing my info. I completely missed that it was going to upload every single picture I took. If I missed it, there's a good chance others have as well.

Be real aware of what G+ is doing on your phone!
Shared publiclyView activity