Google has fixed a security flaw that exposed the email addresses of YouTube users класс порнография по биалогии a potentially massive privacy breach.
Google — which owns YouTube — has confirmed that the vulnerabilities discovered by cybersecurity researchers, who go by Brutecat and Nathan, have been addressed, according to a report in BleepingComputer.
Aside from the breach of privacy that would've affected all YouTube accounts, many YouTubers like controversial content creators, investigators, whistleblowers, and activists keep their identities anonymous to protect their safety. Exposing such users' emails could have had huge ramifications.
Brutecat discovered that blocking a user on YouTube revealed a unique internal identifier Google uses for each user across all of its platforms (Gmail, Google Drive, etc.) called a Gaia ID. They then figured out that simply clicking the three dot icon of a user's live chat profile to access the block function triggered an API request that revealed their Gaia ID.
This in itself is already a security flaw since it exposed the unique identifiers for YouTube accounts that is only meant to be used internally. But now that Brutecat was able to retrieve users' Gaia IDs, they set out to see if they could reveal the email addresses associated with each ID.
With Nathan's help, the two researchers surmised they could do this with "old forgotten Google products since they probably contained some bug or logic flaw to resolve a Gaia ID to an email." Using Google's Recorder app for Pixel devices, they tested sharing a recording with an obfuscated Gaia ID and blocked the user from receiving an email notification by renaming the file with a 2.5 million letter name, which broke the email notification system because it was too long.
Now that the hypothetical victim wouldn't be notified, the researchers sent the file sharing request with the Gaia IDs, effectively converting the ID into an email address.
Thanks to Brutecat and Nathan's sleuthing, Google was able to lock down that vulnerability and prevent hackers from accessing everyone's email address associated with their YouTube accounts. The vulnerability was disclosed to Google in Sep. 2024 and was finally fixed on Feb. 9, 2025. That's a long time for potential exposure, but Google confirmed to BleepingComputer that there were "no signs that any attacker actively exploited the flaws."
In exchange for their work, the researchers received a cool $10,633. Phew, crisis averted.
The biggest stories and plays from day one of the BLAST.tv Paris Major Legends Stage
Discord voice chat rolls out to all Xbox users
'Quordle' today: See each 'Quordle' answer and hints for November 17
'Quordle' today: See each 'Quordle' answer and hints for November 12
WePlay Academy League Season 6 reaches playoffs
Elon Musk's $8 Twitter Blue hasn't made very much money so far
'Black Panther: Wakanda Forever' mid
DuckDuckGo adds App Tracking Protection for all Android users
'Burai' Stands Alone as Unique Theater Experience
Mismatched kinkiness: How to talk about kink with your vanilla partner
'Kokeshi' Author to Speak at Japan Foundation
Wordle today: Here's the answer, hints for November 17
Wordle today: Here's the answer, hints for November 18
Twitter's 'Official' checkmark rollout was a mess. Elon Musk already killed it.
Artists at Play Presents L.A. Premiere of ‘Cowboy vs. Samurai’
How Roe v. Wade reversal is impacting dating and sex lives
YouTube Shorts goes head
Wordle today: Here's the answer, hints for November 12
'FandangObon' Combines Cultural Traditions
'Quordle' today: See each 'Quordle' answer and hints for November 15
Minecraft says it wants nothing to do with NFTs, blockchain'Stranger Things' fans: Call the Surfer Boy Pizza number for a fun surpriseFacebook launches new Feeds and Home tabs on its appNothing Phone 1 leak reveals all about the new smartphoneOmnipotence City is 'Thor: Love and Thunder's biggest wasted opportunityHow to edit your Lock Screen in iOS 16'Strange Things 4' Demogorgon fight: Go behindApple agrees to $50 million settlement over MacBook's old defective butterfly keyboardsThe NFL's new streaming service with live games, explainedOnePlus reveals launch date for OnePlus 10T Yum China sticks to 1,300 new stores target after 25% increase in quarterly revenue · TechNode The Puppet Master 'Andor' and its time jumps: BBY, explained Under the Boot How a big zone in the plains got primed for pummeling tornadoes WeChat beta tests Xiaohongshu Turn Back! Best power bank deal: Save 29% on CUKTECH 15 Ultra 20000mAh charger Duolingo will now teach you how to play chess Alibaba makes two large models with 7 billion parameters open source · TechNode
0.1744s , 8004.3828125 kb
Copyright © 2025 Powered by 【9 класс порнография по биалогии】Google patched a major security flaw that could've exposed YouTubers' email addresses,Global Hot Topic Analysis
