Techly NewsGet the app

Get the latest tech news

Leaking the email of any YouTube user for $10k


What could've been the largest data breach in the world - an attack chain on Google services to leak the email address of any YouTube channel

< Back Some time ago, I was looking for a research target in Google and was digging through the Internal People API (Staging) discovery document until I noticed something interesting: Nathan made a test recording on his Pixel phone and synced it to his Google account so we could access the endpoints on the web at https://recorder.google.com:‎ 03/10/24 - Panel marks it as duplicate of existing-tracked bug, does botched patch of initial YouTube obfuscated Gaia ID disclosure 03/10/24 - Clarified to vendor that they haven't recognized Pixel recorder as vulnerability itself (since obfuscated Gaia IDs are leaked for Google Maps/Play reviewers) and provided vendor a work-around method to once again leak YouTube channel obfuscated Gaia IDs 05/11/24 - Panel awards $3,133.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of YouTube

YouTube

Photo of email

email

Photo of YouTube user

YouTube user

Related news:

News photo

Watching YouTube on TV is now more popular than mobile in the US

News photo

Unity slashes jobs, tells employees they're unemployed via 5am email

News photo

YouTube wants to use machine learning to figure out who's lying about their age

« "Terrible" World of Warcraft film a "huge distraction" that delayed expansions and patches, ex-Activision Blizzard boss says
Effort to Save VC Tax Break Has Become Familiar, Nerve-racking Ritual »