Google has fixed a security flaw that exposed the email addresses of YouTube users, a potentially massive privacy breach.
Google — which owns YouTube — has confirmed that the vulnerabilities discovered by cybersecurity researchers, who go by Brutecat and Nathan, have been addressed, according to a report in BleepingComputer.
Aside from the breach of privacy that would've affected all YouTube accounts, many YouTubers like controversial content creators, investigators, whistleblowers, and activists keep their identities anonymous to protect their safety. Exposing such users' emails could have had huge ramifications.
Brutecat discovered that blocking a user on YouTube revealed a unique internal identifier Google uses for each user across all of its platforms (Gmail, Google Drive, etc.) called a Gaia ID. They then figured out that simply clicking the three dot icon of a user's live chat profile to access the block function triggered an API request that revealed their Gaia ID.
This in itself is already a security flaw, since it exposed unique identifiers for YouTube accounts that are only meant to be used internally. But now that Brutecat was able to retrieve users' Gaia IDs, they set out to see if they could reveal the email addresses associated with each ID.
With Nathan's help, the two researchers surmised they could do this with "old forgotten Google products since they probably contained some bug or logic flaw to resolve a Gaia ID to an email." Using Google's Recorder app for Pixel devices, they tested sharing a recording with an obfuscated Gaia ID and blocked the user from receiving an email notification by renaming the file with a 2.5 million letter name, which broke the email notification system because it was too long.
Now that the hypothetical victim wouldn't be notified, the researchers sent the file sharing request with the Gaia IDs, effectively converting the ID into an email address.
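The defensive counterpart of that chain, as an added example (not code from Google or the researchers): a share handler that bounds the title before any side effect, refuses the share when the recipient cannot be notified, and never returns the email it resolved from an opaque ID. `Directory`, `Mailer`, `share_recording`, the length limit and the sample data are all hypothetical.

```python
from dataclasses import dataclass, field

MAX_TITLE_LEN = 255  # assumed limit; must not exceed what any downstream system accepts

class ShareRejected(Exception):
    """The share was refused and no state was changed."""

@dataclass
class Directory:
    emails: dict  # constructed sample data: opaque internal ID -> email

    def email_for(self, internal_id):
        return self.emails[internal_id]

@dataclass
class Mailer:
    max_subject: int = 1000
    sent: list = field(default_factory=list)

    def notify(self, to, subject):
        if len(subject) > self.max_subject:
            raise ValueError("subject too long")
        self.sent.append((to, subject))

def share_recording(directory, mailer, shares, title, recipient_id):
    # 1. Validate the caller-controlled field before touching anything else.
    if not title or len(title) > MAX_TITLE_LEN:
        raise ShareRejected("invalid title length")
    if recipient_id not in directory.emails:
        raise ShareRejected("unknown recipient")
    # 2. Fail closed: if the recipient cannot be told, the share does not happen.
    try:
        mailer.notify(directory.email_for(recipient_id),
                      f"Shared with you: {title}")
    except Exception as exc:
        raise ShareRejected("recipient could not be notified") from exc
    shares.append((title, recipient_id))
    # 3. Echo back only the identifier the caller supplied, never the email.
    return {"shared_with": recipient_id}
```
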
Thanks to Brutecat and Nathan's sleuthing, Google was able to lock down that vulnerability and prevent hackers from accessing everyone's email address associated with their YouTube accounts. The vulnerability was disclosed to Google in Sep. 2024 and was finally fixed on Feb. 9, 2025. That's a long time for potential exposure, but Google confirmed to BleepingComputer that there were "no signs that any attacker actively exploited the flaws."
In exchange for their work, the researchers received a cool $10,633. Phew, crisis averted.