Comment by brookst
2 months ago
But then what? Given the number of accounts Google has, odds are that nearly every alphanumeric combo less than 8 or 10 characters plus “@gmail.com” is a Google account. This vulnerability gets you other domains, but still not seeing it. Massive databases of email addresses are a dime a dozen.
The only angle I can imagine is phishing for high profile creators, and at most this is a “makes it easier” and not a “creates the problem” bug.
You could target accounts of users likely to be younger & more susceptible to phishing for passwords-- kids subscribed to channels with younger content. Or other interest-based targeting. It's not quite spear phishing, but still more targeted.
The back of an envelope can get you making silly claims quickly (ex. 26 ^ 8 is 208 billion)
I think you might be off by a factor of 10. Alphanumeric would be at least 36 characters, which would imply 2.8 trillion combinations (36 ^ 8).
Yeah, I was doing the as-charitable-as-possible version.
Not seeing the problem. Are you assuming that somehow there is at most one Gmail account per person on earth?
I have… I’m not sure. Ten maybe? And those are actual conveniences for different purposes. I’m sure plenty of people have hundreds, if not thousands. So what?
I'm a bit confused:
- I charitably went with 208 billion, 25 for every single individual on this planet.
- As the other replies note, I chose a misleading number that is off by an order of magnitude at even the most charitable reading
- You can't see the problem
I don't think it's fair to you to assume you can't see it; maybe you were in an old tab that had my reply but none of the descendants.