Ask HN: Vulnerability that reveals Google user identity

2 points by ChicagoBoy11 ↗ HN
Hi everyone,

I remember reading here (I believe) an article which someone wrote detailing how Google API endpoints could leak if a particular account was logged in or not. To make things even worse, the researcher mentioned that the endpoint did not seem to be rate limited, allowing you to go through an extensive list of address to pinpoint if a specific user was accessing your site.

I'm a teacher doing a privacy lesson and wanted to discuss this with my students, but for the life of me cannot find the article in question. If anyone remembers it, I'd love to be pointed to it again!

2 comments

[ 4.2 ms ] story [ 13.7 ms ] thread