Google fixes flaw that could unmask YouTube users' email addresses
(www.bleepingcomputer.com)
from Mindwolf@lemm.ee to technology@lemmy.world on 12 Feb 14:10
https://lemm.ee/post/55332535
from Mindwolf@lemm.ee to technology@lemmy.world on 12 Feb 14:10
https://lemm.ee/post/55332535
Google has fixed two vulnerabilities that, when chained together, could expose the email addresses of YouTube accounts, causing a massive privacy breach for those using the site anonymously.
The flaws were discovered by security researchers Brutecat (brutecat.com) and Nathan (schizo.org), who found that YouTube and Pixel Recorder APIs could be used to obtain user’s Google Gaia IDs and convert them into their email addresses.
The ability to convert a YouTube channel into an owner’s email address is a significant privacy risk to content creators, whistleblowers, and activists relying on being anonymous online.
threaded - newest
Where’s the link to that exploit? At least point us to it.
lemmy.world/post/25476485
feddit.org/post/7894572 earliest post I could find. It’s a clever exploit, but it was patched 3 days ago.
Time to go back to the good ‘backfiring’ mail addresses, like we used in the 90’s:
Youtube.sold.this.address@myomain.xy