### Explanation The primary goal of any business, including social media platforms, is to generate revenue. For social networks, this means monetizing user data and content. As a result, privacy and security of personal data often take a back seat to implementing new revenue-generating features. This business-driven approach means that social networks' implementations often contain flaws that expose undocumented ways to gather information about users. While critical security vulnerabilities are typically patched quickly, less severe privacy issues may remain unfixed for years. These issues can be exploited by both malicious actors and security researchers. A notable example was the [Google Analytics API vulnerability](https://twitter.com/subfnSecurity/status/1260295815890792448) that allowed retrieving alternate email addresses for Google accounts, which went unpatched for an extended period. ### Examples - [How to use Telegram group join links to extract his creator's ID](https://telegra.ph/How-to-find-the-owner-and-administrator-of-a-Telegram-channel-11-02) - a perfect example of a flow in user-generated links (fixed at the moment) - [How to get an alternate email for someone's Google account](https://twitter.com/subfnSecurity/status/1255741950914727942) ### Types - business - technical ### See also - {{internal links to similar weaknesses}} ### Typical techniques - {{internal links to typical techniques}}