A security researcher discovered a method to leak any YouTube user's email address by exploiting a chain of vulnerabilities in YouTube's blocking system and Google's Pixel Recorder app, earning a $10,000 bug bounty. The exploit involved obtaining a user's Gaia ID through YouTube's API and converting it to an email address via Pixel Recorder's sharing functionality, while bypassing notification systems using an oversized recording title.

https://brutecat.com/articles/leaking-youtube-emails

#securityexploit #bugbounty #youtube #googleapi #privacy