Toothpick flirts, Google leaks, and ICE ICE scammers

26 snips

Jun 11, 2025

Exploring the oddities of nightlife, the hosts hilariously recount sticky memories from a chaotic discotheque. They dive into a shocking Google vulnerability that exposes user data and highlight the rise of dangerous scams targeting immigrants using fear tactics. There's also a light-hearted take on navigating historical films, mixed with essential safety tips like the Dutch Reach technique for opening car doors. Expect a blend of tech talk, social commentary, and plenty of laughs.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

ANECDOTE

Old-School Number Sharing

Graham describes a nostalgic club scene where people exchanged phone numbers by slipping business cards at discos. - This reflects how personal contact information was shared before digital platforms like Google.

INSIGHT

Google Privacy Flaw Exposed

Google's Looker platform inadvertently exposed users' full names and partial phone numbers linked to emails. - This undermines privacy for users seeking anonymity with their Google accounts or YouTube channels.

INSIGHT

Brute-Forcing Google Phone Numbers

Attackers could brute-force phone numbers linked to Google accounts using displayed last two digits and circumvent rate limits via IPv6. - In countries like the UK and Singapore, this process takes only minutes at low cost, threatening sensitive personal data.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

What do a sleazy nightclub carpet, Google’s gaping privacy hole, and an international student conned by fake ICE agents have in common? This week’s episode of the "Smashing Security" podcast obviously.

Graham explains how a Singaporean bug-hunter cracked Google’s defences and could brute-force your full phone number. Meanwhile, Carole dives into a chilling scam where ICE impersonators used fear, spoofed numbers, and... Apple gift cards to extort terrified migrants.

Plus: Nazis, door safety, and the age-old struggle of telling Ralph Fiennes from Liam Neeson.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Bruteforcing the phone number of any Google user - Brutecat.
Leaking the phone number of any Google user - YouTube.
Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account - The Hacker News.
Google fixes flaw that could unmask YouTube users' email addresses - Bleeping Computer.
ICE Scammers Are On The Rise: What To Do - Newsweek.
Student visa holder tricked by fake ICE agent scam, loses thousands - Newsweek.
Conspiracy - IMDB.
Schindler’s List - IMDB.
Dutch Reach car door opening method - The AA.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Flare - Uncover the latest threats across the dark web and Telegram. Start your free trial today.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

This podcast uses the following third-party services for analysis:

OP3 - https://op3.dev/privacy