Comment by UncleMeat
2 months ago
I think we can imagine reasons why this would be valuable. It's a vuln. That's worth know about and fixing.
I'm not sure that there are terribly many black market opportunities for "every bit of information" such that this should be a six figure payout or whatever.
Sure, but here's some examples that may be worth a lot of money to the right person, or can just cause a lot of harm:
- Regime critics with a channel on YT.
- Vulnerable individuals and others trying to keep their identity a secret. Putting yourself on YT means putting yourself in front of every deranged individual out there.
- Trump quite famously runs some of his own social media accounts personally, for better or for worse. And even where he doesn't, he probably retains ultimate control - in the case of YT it might be his personal google account that created the channel. He's probably not the only high value target to do so.
Also if you happen to be in any date leak, being able to figure out your private e-mail address gives attackers another place to check whether you re-used a password.
This is the “heist vs exploit sale” dichotomy that tptacek mentions.
For any vuln you can make up a hypothetical one off usage. But to find the right buyer for that is effectively building a team ala The Great Muppet Caper.