Set as Homepage - Add to Favorites

【Peter North Jenna Jameson - Priceless (1995)】

Source:Unobstructed Information Network Editor:Science Time:2025-06-26 02:39:19

Google has fixed a security flaw that exposed the email addresses of YouTube users,Peter North Jenna Jameson - Priceless (1995) a potentially massive privacy breach.

Google — which owns YouTube — has confirmed that the vulnerabilities discovered by cybersecurity researchers, who go by Brutecat and Nathan, have been addressed, according to a report in BleepingComputer.

Aside from the breach of privacy that would've affected all YouTube accounts, many YouTubers like controversial content creators, investigators, whistleblowers, and activists keep their identities anonymous to protect their safety. Exposing such users' emails could have had huge ramifications.

You May Also Like
SEE ALSO: Google is reportedly developing a ‘fake’ email feature to help you avoid spam

Brutecat discovered that blocking a user on YouTube revealed a unique internal identifier Google uses for each user across all of its platforms (Gmail, Google Drive, etc.) called a Gaia ID. They then figured out that simply clicking the three dot icon of a user's live chat profile to access the block function triggered an API request that revealed their Gaia ID.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

This in itself is already a security flaw since it exposed the unique identifiers for YouTube accounts that is only meant to be used internally. But now that Brutecat was able to retrieve users' Gaia IDs, they set out to see if they could reveal the email addresses associated with each ID.

With Nathan's help, the two researchers surmised they could do this with "old forgotten Google products since they probably contained some bug or logic flaw to resolve a Gaia ID to an email." Using Google's Recorder app for Pixel devices, they tested sharing a recording with an obfuscated Gaia ID and blocked the user from receiving an email notification by renaming the file with a 2.5 million letter name, which broke the email notification system because it was too long.

Now that the hypothetical victim wouldn't be notified, the researchers sent the file sharing request with the Gaia IDs, effectively converting the ID into an email address.

Related Stories
  • Apple Maps follows Google, relabels Gulf of Mexico as America
  • Google: We're not participating in European fact-checking rules for Search or YouTube
  • YouTuber GamersNexus sues Honey over alleged scam

Thanks to Brutecat and Nathan's sleuthing, Google was able to lock down that vulnerability and prevent hackers from accessing everyone's email address associated with their YouTube accounts. The vulnerability was disclosed to Google in Sep. 2024 and was finally fixed on Feb. 9, 2025. That's a long time for potential exposure, but Google confirmed to BleepingComputer that there were "no signs that any attacker actively exploited the flaws."

In exchange for their work, the researchers received a cool $10,633. Phew, crisis averted.

Topics Cybersecurity YouTube

Previous:The Serve-Us Industry

Next:No Left Turns

Related Articles
Related Recommendations
Categories
Latest Articles
Popular Articles
Hot Recommendations
Featured Column

Quick Links

J.K. Rowling's response to this meme about her death is absolutely classicI love the 'Destiny 2' Twitter that just shares bonkers Steam namesStarbucks offers free legal advice to immigrant employees affected by Trump banElizabeth Holmes' lawyers say the Theranos founder isn't paying them'The Walking Dead' Season 10 premiere roars with fire and deathInstagram now lets you shop with augmented realityReview: The Hydro Flask is a fantastic water bottleThe truth behind Airbnb's Super Bowl adTheaters warn parents to keep kids away from 'Joker'Activists sailing to Chile from Amsterdam, following Greta Thunberg's footstepsWikipedia has only granted one takedown request. Here it is.Coinbase now offers interest to people holding USDC on its exchangeDad receives unintentionally hilarious letter from son's schoolJust when you thought there was nothing else to leak, the Google Pixel 4 spec sheet shows upAfter 11 years, the feud between Chili's and 'The Office's Pam Beesly is now overIf You Owned a Galaxy S4, Samsung Owes You $10If You Owned a Galaxy S4, Samsung Owes You $10Bernie Sanders is now a fashion icon and he's not sure what to make of itUK mosques open up to visitors for food, tea, and a chance to talkThe evidence that Trump does, in fact, own a bathrobe Sure you're not a robot? Solve this chess puzzle and prove it. Everything you need to know about Cara Delevingne's new coming Girl Scouts dress as influential women for Women's History Month BBC Dad comes out of digital hiding to talk about that infamous clip Sleet is the worst form of precipitation imaginable J.K. Rowling and basketball player bond on Twitter over nasty 'Harry Potter' cut Trump never has to buy sunglasses again because Obama's photographer will shade him forever Botnets are zombie armies and other helpful analogies from Alphabet's new Chrome extension This conspiracy theory about Beyoncé's twins is bonkers so obviously we believe it Emulator allows iPhone to run Windows XP Chimamanda Ngozi Adichie's tips for raising the next generation of feminists Talks of a 'Matrix' reboot are sending Twitter into a spiral of despair 10 Disney animals we would totally date Canada's Girl Scouts have also had enough of Trump Hey law students: Want a job? Well, you better learn to code. Instagram captures stunning electric blue 'sea sparkle' phenomenon Rachel Maddow infuriates the internet with her leisurely Trump taxes reveal Google Maps can now take you deep inside this fiery volcano Rupert Grint transforms into a hustler for Crackle's 'Snatch' Amazon makes it easier to order from your favorite restaurant through Alexa

2.1172s , 8223.1796875 kb

Copyright © 2025 Powered by 【Peter North Jenna Jameson - Priceless (1995)】,Unobstructed Information Network  

Sitemap

Top

Quick Links