YouTube Confirms Justin Bieber Hack Attack

An XSS flaw made it possible for hackers to insert JavaScript and HTML code into the comments section of a YouTube page and redirect fans to pornography sites and post a fake message about the singer's death.

Antone Gonsalves, Contributor

July 6, 2010

1 Min Read
Dark Reading logo in a gray background | Dark Reading

Pranksters took advantage of a security flaw on YouTube to redirect fans of teen idol Justin Bieber's videos to pornography sites and post a message saying the singer died in car crash.

Google, which owns the video-sharing site, confirmed that the attack occurred over the holiday weekend and said the security hole was plugged within a couple of hours.

"We took swift action to fix a cross-site scripting vulnerability on YouTube.com," Google said in a statement e-mailed to InformationWeek.

The XSS flaw made it possible for hackers to insert JavaScript and HTML code into the comments section of a YouTube page. The code would redirect Bieber fans to porn sites when they attempted to play one of his videos, the BBC reported. In some cases, a pop-up screen would display a fictitious report that Bieber had died in a car crash. While the hackers may have sent some Bieber fans into a tizzy, they were not able to use the vulnerability to gain access to YouTube users' computers or to access Google user accounts or other properties. Google said it was studying the vulnerability to prevent a reoccurrence in the future. The latest prank comes as Google continues to search for ways to make the site more attractive to advertisers. Early this year, Google tested a temporary video-rental service with five films from the Sundance Film Festival. YouTube also launched the "Filmmakers Wanted" campaign to try to attract more independent filmmakers to join the rental program.

YouTube is the number one destination for online video in the United States. The site in May accounted for 43.1% of the 34 billion videos watched online, according to ComScore.

Read more about:

2010
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights