Google has fixed a security flaw that exposed the email addresses of YouTube users,older married sex video a potentially massive privacy breach.
Google — which owns YouTube — has confirmed that the vulnerabilities discovered by cybersecurity researchers, who go by Brutecat and Nathan, have been addressed, according to a report in BleepingComputer.
Aside from the breach of privacy that would've affected all YouTube accounts, many YouTubers like controversial content creators, investigators, whistleblowers, and activists keep their identities anonymous to protect their safety. Exposing such users' emails could have had huge ramifications.
Brutecat discovered that blocking a user on YouTube revealed a unique internal identifier Google uses for each user across all of its platforms (Gmail, Google Drive, etc.) called a Gaia ID. They then figured out that simply clicking the three dot icon of a user's live chat profile to access the block function triggered an API request that revealed their Gaia ID.
This in itself is already a security flaw since it exposed the unique identifiers for YouTube accounts that is only meant to be used internally. But now that Brutecat was able to retrieve users' Gaia IDs, they set out to see if they could reveal the email addresses associated with each ID.
With Nathan's help, the two researchers surmised they could do this with "old forgotten Google products since they probably contained some bug or logic flaw to resolve a Gaia ID to an email." Using Google's Recorder app for Pixel devices, they tested sharing a recording with an obfuscated Gaia ID and blocked the user from receiving an email notification by renaming the file with a 2.5 million letter name, which broke the email notification system because it was too long.
Now that the hypothetical victim wouldn't be notified, the researchers sent the file sharing request with the Gaia IDs, effectively converting the ID into an email address.
Thanks to Brutecat and Nathan's sleuthing, Google was able to lock down that vulnerability and prevent hackers from accessing everyone's email address associated with their YouTube accounts. The vulnerability was disclosed to Google in Sep. 2024 and was finally fixed on Feb. 9, 2025. That's a long time for potential exposure, but Google confirmed to BleepingComputer that there were "no signs that any attacker actively exploited the flaws."
In exchange for their work, the researchers received a cool $10,633. Phew, crisis averted.
Cloud9 edge past 9z to advance to Roobet Cup semi
Best MacBook Air deal: Get the 15
Japanese Chefs United Donates to L.A. Fire Department Foundation to Support Firefighting Efforts
Former Councilmember Charged with Lying About Residency
Venue for IEM Rio Challengers and Legends Stages unveiled
MOUZ invited to Elisa Masters Espoo
Wrestling Event in Little Tokyo
Liquid wallop VP in debut with new roster
OG invited to IEM Dallas; regali to step in for degster
New Japanese Cultural Center in Redlands
‘Changing Perspectives’ Conference on WWII Incarceration
Maehara, Civil Rights Groups Speak Out Against Hate Crimes
Still With Us in Thoughts, Deeds and Love
True to Brew
‘Blood Hina’ Available in Paperback
Little Tokyo Parkinson’s Group to Meet
Rehearsals for Nisei Week Ondo Begin July 15 at JACCC
Maehara, Civil Rights Groups Speak Out Against Hate Crimes
Website Focusing on ‘Assembly Centers’ to Be Launched
HEROIC map win overturned at EPL after player uses Snap Tap
Photos from 2022 March For Our Lives protestsAmazon will launch its drone delivery service later this yearForget 'Jurassic World: Dominion' — 'Prehistoric Planet' is mustBest beauty tech gadgets of 2022, so farApple WWDC 2022: New MacBook Air is the first to feature new M2 chip:12 Chrome extensions that will help you save timeWhat are NFTs? Everything you need to know.Twitter launches new Product Drops shopping feature on iOS devicesApple WWDC 2022: 'Daddy' Craig Federighi is the real MVP'Jurassic World: Dominion' review: A big, dumb animal that deserves extinction John Oliver's attempt to reconnect with his 2 favorite otter mascots is hilariously emotional Save $50 on two Portal devices and make long It's on: Tesla Cybertruck and Ford F The world's largest battery is about to get even bigger Huawei out Baby Yoda toys and other merchandise will arrive in time for Christmas NASA scientists flew over Antarctica and captured a gnarly world 10 new Christmas TV movies from Netflix, Hulu and more 3 Jeopardy contestants somehow didn't recognize Tom Hanks Elon Musk’s Cybertruck is a weird FU to Tesla haters
0.1817s , 14308.109375 kb
Copyright © 2025 Powered by 【older married sex video】Google patched a major security flaw that could've exposed YouTubers' email addresses,Feature Flash
