July 4 turned out to be a field day for hackers and chance cyber-saboteurs as they converged on the world's most popular video streaming site to wreck havoc using a cross-site scripting (XSS) vulnerability. They inserted malicious code in the comments section of many YouTube videos to trigger a series of anomalous events, including redirects to porn sites and nasty pop-ups, whenever a user visited a targeted video.
Justin Bieber fans were probably the worst hit
, with hackers and pranksters concertedly targeting the Canadian singer's videos.
But Google wasted little time in plugging the hole . "We took swift action to fix a cross-site scripting (XSS) vulnerability on youtube.com," a spokesperson for YouTube's parent company said. "Comments were temporarily hidden by default within an hour [of discovering the problem], and we released a complete fix for the issue in about two hours. We’re continuing to study the vulnerability to help prevent similar issues in the future."