Google has fixed a security flaw that exposed the email addresses of YouTube users,beautiful sex videos tumblr a potentially massive privacy breach.
Google — which owns YouTube — has confirmed that the vulnerabilities discovered by cybersecurity researchers, who go by Brutecat and Nathan, have been addressed, according to a report in BleepingComputer.
Aside from the breach of privacy that would've affected all YouTube accounts, many YouTubers like controversial content creators, investigators, whistleblowers, and activists keep their identities anonymous to protect their safety. Exposing such users' emails could have had huge ramifications.
Brutecat discovered that blocking a user on YouTube revealed a unique internal identifier Google uses for each user across all of its platforms (Gmail, Google Drive, etc.) called a Gaia ID. They then figured out that simply clicking the three dot icon of a user's live chat profile to access the block function triggered an API request that revealed their Gaia ID.
This in itself is already a security flaw since it exposed the unique identifiers for YouTube accounts that is only meant to be used internally. But now that Brutecat was able to retrieve users' Gaia IDs, they set out to see if they could reveal the email addresses associated with each ID.
With Nathan's help, the two researchers surmised they could do this with "old forgotten Google products since they probably contained some bug or logic flaw to resolve a Gaia ID to an email." Using Google's Recorder app for Pixel devices, they tested sharing a recording with an obfuscated Gaia ID and blocked the user from receiving an email notification by renaming the file with a 2.5 million letter name, which broke the email notification system because it was too long.
Now that the hypothetical victim wouldn't be notified, the researchers sent the file sharing request with the Gaia IDs, effectively converting the ID into an email address.
Thanks to Brutecat and Nathan's sleuthing, Google was able to lock down that vulnerability and prevent hackers from accessing everyone's email address associated with their YouTube accounts. The vulnerability was disclosed to Google in Sep. 2024 and was finally fixed on Feb. 9, 2025. That's a long time for potential exposure, but Google confirmed to BleepingComputer that there were "no signs that any attacker actively exploited the flaws."
In exchange for their work, the researchers received a cool $10,633. Phew, crisis averted.
Kimi Sugiyama Human Service Award Recipients Named
Gate.io Launches Futures Testnet Trading Challenge
A Precious Homeland Connection
Alan Nishio: Intelligence, Grace, and Dignity
Nikkei Progressives Workshop for ‘Families Belong Together’ Quilt
"2025 will be critical" – Gate.MT CEO Giovani Cunti on Europe's Post
UPDATED: Nishi Obon Festival to Be Held July 8
A Banner Day for Local Girl Scout
Remembering a Pioneer
Supreme Court Sides with The Slants
Brown Appoints Three to CCLPEP Advisory Panel
"2025 will be critical" – Gate.MT CEO Giovani Cunti on Europe's Post
National Economic Advisor Concerned About U.S. Steel
‘Karate Kid’ Director Avildsen Dies at 81
OBITUARY: George Aki, 103; 442nd RCT Army Chaplain
Registration Open for Tanabata Festival Kazari
Metal Weapons Banned from Convention Center During Anime Expo
Waseda Friends Reception in L.A.
Rodney Tanaka Scores Big for Gardena
A warm welcome for Na′Vi at Adepto
5 frosty TV shows to cool you the hell downFrustrated officials use pizza to explain Russian election interferenceBest of San Diego ComicNintendo will reportedly fix 'JoyUber tests $25 monthly subscription for rides, food delivery, and moreHow boring your state is, based on its favorite ice cream flavorThe latest 'Harlots' twist rivals anything seen on 'Game of Thrones'Alan Moore, writer worst served by Hollywood, calls it quitsWhy Apple buying Intel's modem business is a big deal for the iPhoneApollo 11 moon landing videotapes sell for $1.8 million at auction Best generator deal: Save 47% on the Jackery Solar Generator at Amazon TikTok child privacy complaint sent to U.S. Dept. of Justice DJI Air 3 deal: Get $220 off at Amazon Hank Green finds the humor in cancer in his first YouTube tests new 'crowdsourced' fact Afghanistan vs. Bangladesh 2024 livestream: Watch T20 World Cup for free TikTok says U.S. ban violates the First Amendment right to free speech Wordle today: The answer and hints for June 21 West Indies vs. South Africa 2024 livestream: Watch T20 World Cup for free Afghanistan vs. Australia 2024 livestream: Watch T20 World Cup for free
0.137s , 8458.59375 kb
Copyright © 2025 Powered by 【beautiful sex videos tumblr】Enter to watch online.Google patched a major security flaw that could've exposed YouTubers' email addresses,Global Perspective Monitoring
