
YouTube Email Leak Vulnerability Disclosed After Google Pays $10K Bounty

Author: Ze Research Writer

Security researchers disclosed a vulnerability chain that could have exposed the email addresses of any YouTube channel, affecting potentially 4 billion accounts. Google paid $10,633 in bug bounties and patched both vulnerabilities before public disclosure.

## Executive Brief

Security researchers disclosed on February 12, 2025, a vulnerability chain affecting Google services that could have allowed attackers to obtain the email address associated with any YouTube channel. The exploit combined two separate flaws: one in YouTube's internal API that leaked obfuscated Google account identifiers (Gaia IDs), and another in Google's Pixel Recorder service that converted those identifiers into email addresses.

The researchers, known as brutecat and nathan, reported the vulnerabilities to Google on September 15, 2024. Google's Vulnerability Reward Program awarded a total of $10,633 for the findings, with an initial payment of $3,133 in November 2024 and an additional $7,500 in December 2024. Both vulnerabilities were confirmed fixed by February 9, 2025, three days before public disclosure.

The potential impact was significant. YouTube hosts approximately 4 billion channels, and the attack chain could have been executed without alerting the target user. The researchers demonstrated a method to suppress notification emails by exploiting a lack of server-side validation on recording title lengths in Pixel Recorder.

Google's initial patch in October 2024 was incomplete, prompting the researchers to provide additional details about bypass methods. The company subsequently addressed both components of the vulnerability chain.

## What Happened

The vulnerability discovery began in September 2024 when brutecat examined Google's Internal People API discovery document. The researcher noticed that YouTube's block user functionality exposed obfuscated Gaia IDs, which are internal Google account identifiers.

On September 15, 2024, brutecat submitted a report to Google's Vulnerability Reward Program detailing how blocking a user on YouTube would add their Gaia ID to the blocker's Google account blocklist at myaccount.google.com/blocklist.

Google triaged the report on September 16, 2024, acknowledging the finding with a "Nice catch!" response, according to the researcher's published timeline.

On October 3, 2024, Google's security panel marked the report as a duplicate of an existing tracked bug and deployed a patch for the YouTube Gaia ID disclosure. The researchers informed Google that the patch was incomplete and that the Pixel Recorder vulnerability remained unaddressed. They also provided a workaround method to continue leaking YouTube channel Gaia IDs.

Google's panel awarded $3,133 on November 5, 2024, classifying the issue as an "abuse-related methodology with high impact" with medium exploitation likelihood.

On December 3, 2024, Google's product team sent the report back to the security panel for additional reward consideration and coordinated a disclosure date of February 3, 2025.

The panel awarded an additional $7,500 on December 12, 2024, upgrading the exploitation likelihood to "high" while applying a downgrade from the base amount due to the complexity of the attack chain.

On January 29, 2025, Google requested a disclosure extension to February 2, 2025. The researchers confirmed on February 9, 2025, that both parts of the exploit had been fixed, 147 days after the initial report.

## Key Claims and Evidence

The researchers demonstrated that YouTube's live chat context menu endpoint (/youtubei/v1/live_chat/get_item_context_menu) returned base64-encoded protobuf data containing the target user's Gaia ID. By manipulating the request parameters, an attacker could obtain the Gaia ID of any YouTube channel without requiring the target to participate in a live chat.

The second vulnerability resided in Google's Pixel Recorder service. The WriteShareList endpoint at pixelrecorder-pa.clients6.google.com accepted a Gaia ID as input and returned the corresponding email address in its response. The endpoint was designed to resolve user identifiers when sharing recordings.

The researchers discovered that sharing a recording with a target would normally send a notification email. They bypassed this protection by exploiting a lack of server-side validation on recording title lengths: with the recording title set to 2.5 million characters, the notification email was never sent, allowing silent exploitation.

The attack chain required three steps: leak the Gaia ID from YouTube's Innertube endpoint, share a Pixel recording with an extremely long name to convert the Gaia ID to an email, and remove the target from the recording to clean up evidence.

## Pros / Opportunities

The responsible disclosure process allowed Google to patch both vulnerabilities before public exploitation. The 147-day timeline from initial report to confirmed fix provided adequate time for remediation.

Google's Vulnerability Reward Program compensated the researchers appropriately, with the additional $7,500 award reflecting the severity reassessment after the initial patch proved incomplete.

The detailed public writeup provides educational value for security researchers studying API design flaws and cross-service vulnerability chains.

## Cons / Risks / Limitations

The vulnerability could have affected approximately 4 billion YouTube channels if exploited before the patch. Email addresses of content creators, public figures, and private individuals could have been exposed.

Google's initial patch in October 2024 was incomplete, requiring additional researcher input to address the full attack chain. The Pixel Recorder component remained vulnerable for several weeks after the first fix attempt.

The attack could be executed silently without alerting the target, as the researchers demonstrated a method to suppress notification emails.

The complexity of the attack chain, while noted as a mitigating factor in the bounty calculation, did not prevent exploitation. The researchers created a working proof-of-concept demonstrating the full attack.

## How the Technology Works

Google assigns each account an obfuscated Gaia ID, a numeric identifier used internally across Google services. YouTube channels are linked to Google accounts but are designed to maintain separation between the public channel identity and the underlying account email.

When a user blocks someone on YouTube, the block propagates to Google's account-wide blocklist. The researchers discovered that this process exposed the blocked user's Gaia ID in the blocklist data structure.

YouTube's Innertube API, used for internal frontend-backend communication, processes requests through endpoints like get_item_context_menu. The researchers found that manipulating the base64-encoded protobuf parameters in these requests could return Gaia IDs for arbitrary channels.

Pixel Recorder, Google's voice recording application for Pixel phones, includes a sharing feature that resolves user identifiers to email addresses. The WriteShareList endpoint accepted Gaia IDs and returned corresponding emails, creating the second link in the attack chain.

The notification bypass exploited a missing server-side limit on recording title lengths. Email systems typically limit subject line length, and the 2.5-million-character title caused the notification to fail silently instead of being rejected before the share was processed.
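The share-and-notify pattern described in the Key Claims section and in the two paragraphs above, modelled as an added example (this is not code from the article, from Google, or from the researchers): a toy endpoint that resolves an opaque account identifier to an address and notifies the recipient, first in the shape the article describes (no title limit, the resolved address echoed back to the caller, a notification failure swallowed so the share still completes) and then in a fail-closed form. The identifiers, addresses, and limits are constructed placeholders.

```python
"""Toy model of a recording-share endpoint: the weak pattern the article
describes beside a fail-closed design. All identifiers and limits are
constructed for this example and are not Google's."""

from dataclasses import dataclass, field

# Constructed directory standing in for an account-resolution service.
ACCOUNTS = {
    "100000000000000000001": "creator-one@example.invalid",
    "100000000000000000002": "creator-two@example.invalid",
}

MAX_TITLE_LEN = 200          # hypothetical server-side title limit
SUBJECT_HARD_LIMIT = 10_000  # hypothetical limit of the mail subsystem


class NotificationError(Exception):
    """Raised by the mail stand-in when it cannot deliver a notification."""


def send_share_notification(email: str, title: str) -> None:
    """Stand-in for the mail subsystem: rejects subjects beyond its limit."""
    if len(title) > SUBJECT_HARD_LIMIT:
        raise NotificationError("subject too long")


@dataclass
class ShareResult:
    shared: bool
    notified: bool
    response: dict = field(default_factory=dict)


def share_weak(recording_title: str, account_id: str) -> ShareResult:
    """Weak pattern: no title validation, the resolved e-mail is echoed to the
    caller, and a notification failure is swallowed so the share still happens.
    The target never learns that its identifier was resolved."""
    email = ACCOUNTS.get(account_id)
    if email is None:
        return ShareResult(False, False, {"error": "unknown account"})
    notified = True
    try:
        send_share_notification(email, recording_title)
    except NotificationError:
        notified = False  # silently continue
    return ShareResult(
        True, notified, {"shared_with": [{"id": account_id, "email": email}]}
    )


def share_hardened(recording_title: str, account_id: str) -> ShareResult:
    """Hardened pattern: validate the title before any lookup, never return
    the resolved e-mail, and refuse the share if the target cannot be notified."""
    if not recording_title or len(recording_title) > MAX_TITLE_LEN:
        return ShareResult(False, False, {"error": "invalid title"})
    email = ACCOUNTS.get(account_id)
    if email is None:
        # Same response as a notification failure so callers cannot probe ids.
        return ShareResult(False, False, {"error": "cannot share"})
    try:
        send_share_notification(email, recording_title)
    except NotificationError:
        return ShareResult(False, False, {"error": "cannot share"})
    # Only an opaque acknowledgement leaves the server.
    return ShareResult(True, True, {"shared_with": [{"id": account_id}]})


if __name__ == "__main__":
    oversized = "A" * 2_500_000
    print("weak:    ", share_weak(oversized, "100000000000000000001"))
    print("hardened:", share_hardened(oversized, "100000000000000000001"))
    print("normal:  ", share_hardened("Meeting notes", "100000000000000000002"))
```

Two design choices carry the weight here: the title is checked at the API boundary before any identifier lookup happens, and a failed notification aborts the share rather than being logged and ignored, so the "silent" path the researchers used does not exist. The server also returns nothing the caller did not already supply, so the endpoint cannot serve as an identifier-to-address oracle even when sharing succeeds.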

Technical context: The protobuf encoding used in YouTube's API is a binary serialization format common across Google services. The researchers used standard base64 decoding and the protoc tool to analyze the data structures.
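To show what "base64 decoding and protoc" recovers from such a parameter, here is an added example (not from the article or the researchers' writeup) of a minimal decoder for the protobuf wire format, the same schema-less view that `protoc --decode_raw` gives. The sample message is constructed for illustration; its field numbers and values are made up and are not YouTube's.

```python
"""Minimal protobuf wire-format decoder, equivalent in spirit to
`protoc --decode_raw`. The sample message below is constructed and is not a
real YouTube parameter blob."""

import base64

MAX_DEPTH = 8  # stop recursing into nested messages beyond this depth


def read_varint(buf: bytes, pos: int) -> tuple[int, int]:
    """Decode one base-128 varint starting at pos; return (value, new_pos)."""
    result, shift = 0, 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated varint")
        byte = buf[pos]
        pos += 1
        result |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return result, pos
        shift += 7
        if shift > 63:
            raise ValueError("varint too long")


def _interpret(chunk: bytes, depth: int):
    """Length-delimited payloads carry no type tag: try a nested message,
    then UTF-8 text, else raw bytes. A heuristic, exactly as in decode_raw."""
    if depth < MAX_DEPTH and chunk:
        try:
            return decode_raw(chunk, depth + 1)
        except ValueError:
            pass
    try:
        return chunk.decode("utf-8")
    except UnicodeDecodeError:
        return chunk


def decode_raw(buf: bytes, depth: int = 0) -> list:
    """Return [(field_number, wire_type, value), ...] for one message."""
    fields, pos = [], 0
    while pos < len(buf):
        key, pos = read_varint(buf, pos)
        field_no, wire_type = key >> 3, key & 0x7
        if field_no == 0:
            raise ValueError("field number 0 is invalid")
        if wire_type == 0:                       # varint
            value, pos = read_varint(buf, pos)
        elif wire_type == 1:                     # fixed64
            if pos + 8 > len(buf):
                raise ValueError("truncated fixed64")
            value = int.from_bytes(buf[pos:pos + 8], "little")
            pos += 8
        elif wire_type == 2:                     # length-delimited
            length, pos = read_varint(buf, pos)
            chunk = buf[pos:pos + length]
            if len(chunk) != length:
                raise ValueError("truncated length-delimited field")
            pos += length
            value = _interpret(chunk, depth)
        elif wire_type == 5:                     # fixed32
            if pos + 4 > len(buf):
                raise ValueError("truncated fixed32")
            value = int.from_bytes(buf[pos:pos + 4], "little")
            pos += 4
        else:                                    # groups (3, 4) and 6, 7
            raise ValueError(f"unsupported wire type {wire_type}")
        fields.append((field_no, wire_type, value))
    return fields


def decode_b64_param(param: str) -> list:
    """Decode a base64 parameter (standard or URL-safe, padding optional)."""
    padded = param + "=" * (-len(param) % 4)
    return decode_raw(base64.urlsafe_b64decode(padded))


# Constructed sample: field 1 = varint 150, field 2 = string "channel",
# field 3 = nested message {field 1 = varint 1}.
SAMPLE_BYTES = (bytes([0x08, 0x96, 0x01, 0x12, 0x07]) + b"channel"
                + bytes([0x1A, 0x02, 0x08, 0x01]))
SAMPLE_PARAM = base64.urlsafe_b64encode(SAMPLE_BYTES).decode().rstrip("=")

if __name__ == "__main__":
    for field_no, wire_type, value in decode_b64_param(SAMPLE_PARAM):
        print(f"field {field_no} (wire type {wire_type}): {value!r}")
```

The point for an API reviewer is the last step: every length-delimited field is opaque until someone tries to parse it, so "the parameter is an encoded blob" provides no confidentiality. Anything placed in such a parameter, an internal account identifier included, should be treated as readable by the client.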

## Why It Matters Beyond the Company or Product

The vulnerability demonstrates risks inherent in cross-service data flows within large technology platforms. Google's ecosystem connects dozens of products, and security boundaries between services can create unexpected attack surfaces.

Privacy expectations for YouTube creators often assume separation between their public channel and personal Google account. The ability to deanonymize any channel undermines this assumption and could enable targeted harassment or phishing campaigns.

The incomplete initial patch highlights challenges in addressing complex vulnerability chains. Security teams must consider all components of an attack, not just the most visible entry point.

Bug bounty programs continue to prove valuable for identifying vulnerabilities before malicious exploitation. The $10,633 total payment reflects the severity of the finding while the responsible disclosure timeline allowed for remediation.

## What's Confirmed vs. What Remains Unclear

Confirmed:

  • Both vulnerabilities have been patched as of February 9, 2025
  • Google paid $10,633 total in bug bounty rewards
  • The attack chain could obtain email addresses for any YouTube channel
  • The researchers demonstrated a working proof-of-concept
  • The notification bypass using long recording titles was functional

Unclear:

  • Whether the vulnerabilities were exploited in the wild before patching
  • The exact technical changes Google implemented to fix both issues
  • Whether similar cross-service identifier leakage exists in other Google products
  • The total number of channels potentially affected during the vulnerability window

## What to Watch Next

Google's security team may conduct broader audits of cross-service data flows following this disclosure. Similar patterns could exist in other products that share user identifiers.

The Pixel Recorder service may receive additional security hardening, particularly around the sharing functionality and input validation.

YouTube's API security practices may be reviewed, especially regarding the exposure of internal identifiers through frontend endpoints.

Other researchers may examine Google's ecosystem for similar vulnerability chains combining multiple services.

## Sources

  1. Brutecat Security Research - "Leaking the email of any YouTube user for $10,000" - https://brutecat.com/articles/leaking-youtube-emails - Published February 12, 2025

  2. Hacker News Discussion - Item ID 43024221 - https://news.ycombinator.com/item?id=43024221 - Published February 12, 2025

  3. Google Account Support - "Block someone on Google" - https://support.google.com/accounts/answer/6388749 - Referenced in primary source

## Related Topics

cybersecurity, google, youtube, bug-bounty, privacy