Google has fixed a security flaw that exposed the email addresses of YouTube users, a potentially massive privacy breach.
Google — which owns YouTube — has confirmed that the vulnerabilities discovered by cybersecurity researchers, who go by Brutecat and Nathan, have been addressed, according to a report in BleepingComputer.
Aside from the breach of privacy that would've affected all YouTube accounts, many YouTubers like controversial content creators, investigators, whistleblowers, and activists keep their identities anonymous to protect their safety. Exposing such users' emails could have had huge ramifications.
Brutecat discovered that blocking a user on YouTube revealed a unique internal identifier Google uses for each user across all of its platforms (Gmail, Google Drive, etc.) called a Gaia ID. They then figured out that simply clicking the three dot icon of a user's live chat profile to access the block function triggered an API request that revealed their Gaia ID.
This in itself is already a security flaw, since it exposed the unique identifiers for YouTube accounts, which are only meant to be used internally. But now that Brutecat was able to retrieve users' Gaia IDs, they set out to see if they could reveal the email addresses associated with each ID.
With Nathan's help, the two researchers surmised they could do this with "old forgotten Google products since they probably contained some bug or logic flaw to resolve a Gaia ID to an email." Using Google's Recorder app for Pixel devices, they tested sharing a recording with an obfuscated Gaia ID and blocked the user from receiving an email notification by renaming the file with a 2.5 million letter name, which broke the email notification system because it was too long.
Now that the hypothetical victim wouldn't be notified, the researchers sent the file sharing request with the Gaia IDs, effectively converting the ID into an email address.
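A minimal model of the logic flaw described above and one way to close it, added here as an example: it is not Google's code or the researchers'. The directory, function names, length limits and the assumption that the share response echoes the resolved address are all hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

MAX_TITLE_LEN = 255  # assumed limit, enforced before any side effect

# Constructed sample data: internal account ID -> email address.
DIRECTORY = {"1001": "alice@example.com"}


class NotifyError(Exception):
    pass


def send_notification(email: str, title: str) -> None:
    """Stand-in mailer that rejects oversized subjects (hypothetical limit)."""
    if len(title) > 1000:
        raise NotifyError("subject too long")


@dataclass
class ShareResult:
    ok: bool
    shared_with: Optional[str]  # what the caller gets to see
    error: Optional[str] = None


def share_vulnerable(internal_id: str, title: str) -> ShareResult:
    """Resolves the ID, swallows the mail failure, echoes the email back."""
    email = DIRECTORY[internal_id]
    try:
        send_notification(email, title)
    except NotifyError:
        pass  # recipient is never told, yet the share still succeeds
    return ShareResult(True, email)


def share_hardened(internal_id: str, title: str) -> ShareResult:
    """Validates input first, fails closed on mail errors, never echoes the email."""
    if len(title) > MAX_TITLE_LEN:
        return ShareResult(False, None, "title too long")
    email = DIRECTORY.get(internal_id)
    if email is None:
        return ShareResult(False, None, "unknown recipient")
    try:
        send_notification(email, title)
    except NotifyError:
        return ShareResult(False, None, "notification failed")
    return ShareResult(True, None)  # caller learns only that the share happened
```

The hardened path rejects the oversized title before the ID is resolved, and a failed notification aborts the share instead of letting it complete silently.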
Thanks to Brutecat and Nathan's sleuthing, Google was able to lock down that vulnerability and prevent hackers from accessing everyone's email address associated with their YouTube accounts. The vulnerability was disclosed to Google in Sep. 2024 and was finally fixed on Feb. 9, 2025. That's a long time for potential exposure, but Google confirmed to BleepingComputer that there were "no signs that any attacker actively exploited the flaws."
In exchange for their work, the researchers received a cool $10,633. Phew, crisis averted.