Google’s Privacy Patch: Fixing YouTube’s Email Leak Fiasco! 🚨
Google has patched two vulnerabilities that could expose the email addresses of YouTube users, posing a privacy risk to those who thought they were incognito. Researchers Brutecat and Nathan found that YouTube and Pixel Recorder APIs could be exploited to retrieve users’ Gaia IDs and convert them into email addresses.
Hot Take:
Google’s latest episode of “Oops, We Did It Again” features a duet between YouTube and Pixel Recorder, harmonizing to the tune of privacy breaches. While Google’s swift fix saves the day, this vulnerability was a bit like discovering your diary is written in invisible ink but can be revealed with a splash of lemon juice. Kudos to BruteCat and Nathan for playing cybersecurity detectives and catching this villainous duo before they hit the top of the charts!
Key Points:
- Two vulnerabilities in YouTube and Pixel Recorder APIs could expose YouTube account emails.
- Researchers BruteCat and Nathan discovered the flaws, exploiting Gaia IDs to retrieve emails.
- The vulnerabilities posed significant privacy risks for anonymous YouTube users.
- Google has patched the vulnerabilities, increasing the bug bounty to $10,633 after the full scope was revealed.
- No evidence of active exploitation was found, and mitigations are now in place.