This does not look at all like a hash collision. Any hash table worth a damn does not rely solely on hash value for retrieval. There's a separate comparison for dealing with collisions on lookup.
Even if it was a realistic design pattern, what are the odds that not only that a collision occurred, but also occurred between two users in the same geographic area (i.e. Norway)?
Here is a more likely scenario: They're using the same ISP, and that ISP has some poorly configured transparent HTTP cache that is serving Cache-control: private responses to multiple users. I would bet a significant amount of money on this being the problem.
To test this theory, the journalist should logout (invalidating his cookies), and then only use HTTPS with Google Plus (Install the HTTPS Everywhere extension to be certain https://www.eff.org/https-everywhere). If the pictures keep coming, I'm wrong. If they stop, then they're going to another user with the same ISP until they fix their broken cache.
It is said in the article that the journalist and the girl are from different continents... is there any ISP that operates on multiple continents and uses the same cache infrastructure for all the geographical locations?
It says they're both norwegian, and she was visiting another country..returned from vacation and uploaded her pics? Using her norwegian cellphone while abroad (i.e. norwegian APN)? Emailing her pictures to mom who uploads them from home?
Who knows, but the fact that she visited another country doesn't invalidate it.
