Google addressed a security flaw that could allow attackers to brute-force recovery phone numbers and leak sensitive account information. The vulnerability was exploited through a deprecated form that lacked anti-abuse protections, but has since been fixed by Google.
Key points
- Google fixed a significant vulnerability in its account recovery system that could expose personal information.
- The flaw involved a deprecated form lacking anti-abuse protections, enabling rapid brute-force attempts.
- Attackers could discover full phone numbers and associated display names through this exploit.
- A successful attack could lead to SIM-swapping and unauthorized account access.
- Additional vulnerabilities in YouTube’s API were also found, exposing creator email addresses and channel details.
Read More: https://thehackernews.com/2025/06/researcher-found-flaw-to-discover-phone.html