Google has fixed a security flaw that exposed the email addresses of YouTube users, a potentially massive privacy breach.
Google — which owns YouTube — has confirmed that the vulnerabilities discovered by cybersecurity researchers, who go by Brutecat and Nathan, have been addressed, according to a report in BleepingComputer.
Aside from the breach of privacy that would've affected all YouTube accounts, many YouTubers like controversial content creators, investigators, whistleblowers, and activists keep their identities anonymous to protect their safety. Exposing such users' emails could have had huge ramifications.
Brutecat discovered that blocking a user on YouTube revealed a unique internal identifier Google uses for each user across all of its platforms (Gmail, Google Drive, etc.) called a Gaia ID. They then figured out that simply clicking the three dot icon of a user's live chat profile to access the block function triggered an API request that revealed their Gaia ID.
This in itself is already a security flaw, since it exposed unique identifiers for YouTube accounts that are only meant to be used internally. But now that Brutecat was able to retrieve users' Gaia IDs, they set out to see if they could reveal the email addresses associated with each ID.
With Nathan's help, the two researchers surmised they could do this with "old forgotten Google products since they probably contained some bug or logic flaw to resolve a Gaia ID to an email." Using Google's Recorder app for Pixel devices, they tested sharing a recording with an obfuscated Gaia ID and blocked the user from receiving an email notification by renaming the file with a 2.5 million letter name, which broke the email notification system because it was too long.
Now that the hypothetical victim wouldn't be notified, the researchers sent the file sharing request with the Gaia IDs, effectively converting the ID into an email address.
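The share flow described above, modeled from the defender's side as an added example that is not Google's code or part of the original report. It puts a flawed handler next to a hardened one that bounds the title length, fails closed when the notification cannot be sent, and never returns the resolved address. The function names, the length limit, the sample directory, and the assumption that the share response carried the resolved email are all hypothetical.

```python
# Added illustration: a constructed model, not Google's code. All names are hypothetical.
MAX_TITLE_LEN = 255  # assumed limit
DIRECTORY = {"100000000000000000001": "creator@example.com"}  # constructed sample


class ShareRejected(Exception):
    """Raised when a share request is refused."""


def mailer(email, title):
    """Stand-in notifier that fails on oversized titles, like the flow described."""
    if len(title) > 10_000:
        raise RuntimeError("message too large")


def share_legacy(recipient_id, title, notify=mailer):
    """Flawed form: unbounded title, silent notification failure, email echoed."""
    email = DIRECTORY[recipient_id]
    try:
        notify(email, title)
        notified = True
    except Exception:
        notified = False  # share still succeeds; the recipient never hears of it
    return {"status": "shared", "recipient": email, "notified": notified}


def share_hardened(recipient_id, title, notify=mailer):
    """Hardened form: bounded input, fail closed, no ID-to-email resolution in output."""
    # 1. Bound caller-controlled input before it reaches any downstream system.
    if not title or len(title) > MAX_TITLE_LEN:
        raise ShareRejected("invalid title")
    email = DIRECTORY.get(recipient_id)
    if email is None:
        raise ShareRejected("share failed")
    # 2. Fail closed: no share is created if the recipient cannot be notified.
    try:
        notify(email, title)
    except Exception as exc:
        raise ShareRejected("share failed") from exc
    # 3. Return only what the caller already supplied, never the resolved address.
    return {"status": "shared", "recipient": recipient_id}
```

Unknown recipients and notification failures return the same generic error, so the hardened handler does not tell the caller which step refused the request.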
Thanks to Brutecat and Nathan's sleuthing, Google was able to lock down that vulnerability and prevent hackers from accessing everyone's email address associated with their YouTube accounts. The vulnerability was disclosed to Google in Sep. 2024 and was finally fixed on Feb. 9, 2025. That's a long time for potential exposure, but Google confirmed to BleepingComputer that there were "no signs that any attacker actively exploited the flaws."
In exchange for their work, the researchers received a cool $10,633. Phew, crisis averted.