Google has fixed a security flaw that exposed the email addresses of YouTube users, a potentially massive privacy breach.
Google — which owns YouTube — has confirmed that the vulnerabilities discovered by cybersecurity researchers, who go by Brutecat and Nathan, have been addressed, according to a report in BleepingComputer.
Aside from the breach of privacy that would've affected all YouTube accounts, many YouTubers like controversial content creators, investigators, whistleblowers, and activists keep their identities anonymous to protect their safety. Exposing such users' emails could have had huge ramifications.
Brutecat discovered that blocking a user on YouTube revealed a Gaia ID, a unique internal identifier Google uses for each user across all of its platforms (Gmail, Google Drive, etc.). They then figured out that simply clicking the three-dot icon of a user's live chat profile to access the block function triggered an API request that revealed their Gaia ID.
This in itself is already a security flaw, since it exposed unique identifiers for YouTube accounts that are only meant to be used internally. But now that Brutecat was able to retrieve users' Gaia IDs, they set out to see if they could reveal the email addresses associated with each ID.
With Nathan's help, the two researchers surmised they could do this with "old forgotten Google products since they probably contained some bug or logic flaw to resolve a Gaia ID to an email." Using Google's Recorder app for Pixel devices, they tested sharing a recording with an obfuscated Gaia ID and blocked the user from receiving an email notification by renaming the file with a 2.5 million letter name, which broke the email notification system because it was too long.
Now that the hypothetical victim wouldn't be notified, the researchers sent the file sharing request with the Gaia IDs, effectively converting the ID into an email address.
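The chain described above relied on a share that still completed after its notification failed, and on a response that turned an internal ID into an email address. The following is an added defensive sketch, not Google's code or anything from the researchers' report: `ShareService`, `MAX_TITLE_LEN`, the sample directory and the notifier are all hypothetical names and constructed data.

```python
from dataclasses import dataclass, field

MAX_TITLE_LEN = 255  # assumed limit; the article gives no real value


class ShareRejected(Exception):
    """Request refused before any state changes."""


@dataclass
class ShareService:
    directory: dict   # constructed sample data: internal ID -> email
    notifier: object  # callable(email, title); may raise
    shares: list = field(default_factory=list)

    def share(self, owner, recipient_id, title):
        # 1. Bound caller-controlled input before it reaches downstream systems.
        if not title or len(title) > MAX_TITLE_LEN:
            raise ShareRejected("title length out of range")
        email = self.directory.get(recipient_id)
        if email is None:
            raise ShareRejected("share could not be completed")
        # 2. Notify first and fail closed: no silent share if the mail step breaks.
        try:
            self.notifier(email, title)
        except Exception:
            raise ShareRejected("share could not be completed") from None
        self.shares.append((owner, recipient_id, title))
        # 3. Echo only what the caller supplied, never the resolved email.
        return {"status": "shared", "recipient": recipient_id}


def strict_notifier(email, title):
    # Stand-in for a mail system that breaks on oversized subjects.
    if len(title) > 1000:
        raise ValueError("subject too long")


def demo():
    svc = ShareService({"id-0001": "victim@example.com"}, strict_notifier)
    ok = svc.share("alice", "id-0001", "meeting notes")
    try:
        svc.share("alice", "id-0001", "A" * 2_500_000)
        rejected = False
    except ShareRejected:
        rejected = True
    return ok, rejected, len(svc.shares)
```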
Thanks to Brutecat and Nathan's sleuthing, Google was able to lock down that vulnerability and prevent hackers from accessing everyone's email address associated with their YouTube accounts. The vulnerability was disclosed to Google in Sep. 2024 and was finally fixed on Feb. 9, 2025. That's a long time for potential exposure, but Google confirmed to BleepingComputer that there were "no signs that any attacker actively exploited the flaws."
In exchange for their work, the researchers received a cool $10,633. Phew, crisis averted.