Google has fixed a security flaw that exposed the email addresses of YouTube users, a potentially massive privacy breach.
Google — which owns YouTube — has confirmed that the vulnerabilities discovered by cybersecurity researchers, who go by Brutecat and Nathan, have been addressed, according to a report in BleepingComputer.
Aside from the breach of privacy that would've affected all YouTube accounts, many YouTubers like controversial content creators, investigators, whistleblowers, and activists keep their identities anonymous to protect their safety. Exposing such users' emails could have had huge ramifications.
Brutecat discovered that blocking a user on YouTube revealed a unique internal identifier Google uses for each user across all of its platforms (Gmail, Google Drive, etc.) called a Gaia ID. They then figured out that simply clicking the three dot icon of a user's live chat profile to access the block function triggered an API request that revealed their Gaia ID.
This in itself is already a security flaw, since it exposed unique identifiers for YouTube accounts that are only meant to be used internally. But now that Brutecat was able to retrieve users' Gaia IDs, they set out to see if they could reveal the email addresses associated with each ID.
With Nathan's help, the two researchers surmised they could do this with "old forgotten Google products since they probably contained some bug or logic flaw to resolve a Gaia ID to an email." Using Google's Recorder app for Pixel devices, they tested sharing a recording with an obfuscated Gaia ID and blocked the user from receiving an email notification by renaming the file with a 2.5 million letter name, which broke the email notification system because it was too long.
Now that the hypothetical victim wouldn't be notified, the researchers sent the file sharing request with the Gaia IDs, effectively converting the ID into an email address.
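The paragraphs above describe two failures: a share request that turned an internal ID into an email address, and an oversized file name that suppressed the recipient's notification. The sketch below is an added example of how a share handler can guard against both; it is not Google's code or its fix, and `ShareService`, its limits and the sample directory entry are all hypothetical.

```python
# Hypothetical share handler; every name here is illustrative, not a Google API.
from dataclasses import dataclass, field

MAX_TITLE_LEN = 255  # assumed limit, enforced before any other work


class ShareError(Exception):
    pass


@dataclass
class ShareService:
    directory: dict                 # opaque internal ID -> email (constructed data)
    max_mail_chars: int = 10_000    # assumed size limit of the notification mailer
    shares: list = field(default_factory=list)
    outbox: list = field(default_factory=list)

    def _notify(self, email, title):
        body = f"A recording was shared with you: {title}"
        if len(body) > self.max_mail_chars:
            raise ShareError("notification could not be sent")
        self.outbox.append((email, body))

    def share(self, title, recipient_id):
        # 1. Bound caller-controlled input up front, so an oversized name
        #    is rejected instead of breaking a later stage.
        if not title or len(title) > MAX_TITLE_LEN:
            raise ShareError("invalid title length")
        email = self.directory.get(recipient_id)
        if email is None:
            raise ShareError("share failed")
        # 2. Fail closed: the share is recorded only after the recipient
        #    has been notified. A mailer error aborts the whole request.
        self._notify(email, title)
        self.shares.append((recipient_id, title))
        # 3. Echo back only what the caller supplied, never the resolved email.
        return {"status": "shared", "recipient": recipient_id}
```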
Thanks to Brutecat and Nathan's sleuthing, Google was able to lock down that vulnerability and prevent hackers from accessing everyone's email address associated with their YouTube accounts. The vulnerability was disclosed to Google in Sep. 2024 and was finally fixed on Feb. 9, 2025. That's a long time for potential exposure, but Google confirmed to BleepingComputer that there were "no signs that any attacker actively exploited the flaws."
In exchange for their work, the researchers received a cool $10,633. Phew, crisis averted.