Google has fixed a potential phone number leak.
Researchers at Brute Cat reported the possibility of obtaining Google users' phone numbers through an outdated account recovery form.
The disabled JavaScript support allowed, through two POST requests, to determine whether the phone number was linked to a Google account based on the displayed profile name.
The potential attack opened up wide opportunities for phishing and SIM card swap attacks.
Later, Google stated in a comment to Bleeping Computer that it had fixed this issue.
