YouTube accounts compromised in UAE
YouTube account holders able to access other user's accounts while using Etisalat's internet service
YouTube users in the UAE are currently able to access the accounts of other users, in what appears to be a data caching error.
When signed in on their own accounts, users are able to randomly view other user's pages including personal profiles, favourites lists and messages from other YouTube users.
The issue only appears to be present with on Etisalat's internet service, while users of the UAE's second ISP du, remain unaffected.
The issue has been replicated by the editorial teams of both itp.net and Windows Arabic magazine. In testing, the user profiles that were visible were for users that had logged into YouTube only a few hours previously, suggesting that the pages have been cached by either Google or Etisalat's own servers, and were somehow being accessed in error through the cache.
Neither Google nor Etisalat have responded to request for comment at the time of writing.
The issue appears to be very similar to a problem which was reported by users of Kuwaiti ISP FASTtelco , who said that they were able to see other users Gmail accounts and other personal details, although this was later denied by the ISP.
3288 days ago
I was the first to discover the problem with Youtube. See my blog from the night it was first discovered: http://blog.shijaz.com/2008/04/vulnerability-in-youtube.html Access to my blog was blocked in the UAE the following day and then restored without notice. Editor's note: Our Windows Middle East Arabic team say they have been looking at this problem for two weeks.