
YouTube accounts being hacked by an apparent worm delivered via comments - artursapek
https://youtu.be/q853HSIl8u0
======
lgl
I've watched some of the videos made about this but I'm highly skeptical of
the "wormish" nature of this.

The claim is that clicking the profile link or replying to the bot that
comments stuff like "wanna be friends" on most YouTube videos will place your
own Google account at risk of getting hacked which, if true, would be a
truly monumental security failure and also completely nonsensical to be used
to just apparently boost some random channel's subscriber count and not to do
much bigger damage across the platform.

The claims also suggest that even accounts with 2FA are then easily hacked,
which would also suggest that Google's entire authentication platform is
flawed, which I also have difficulty believing. I'm sure that over the next
few days we'll get some more details about this and it will probably be nothing
more than the regular phishing/scam/SMS auth/credential stuffing hacks we've
seen over and over again with (mostly) less security-conscious and tech-savvy
people.

Still concerning from my non-youtuber point of view is the fact that these
bots are apparently commenting on videos even before they are public which may
suggest some sort of API or feed problem somewhere. Anyway, if this is in fact
happening as suggested it's pretty serious and will probably become huge news.
Still doubt it though.

~~~
artursapek
Yeah, it's very unclear, but there are enough anecdotes that it doesn't seem like
it's nothing. I wonder whether this develops further.

