Google has plugged a hole hackers used Sunday morning to festoon YouTube videos with off-color pop-ups and adult-site redirects, according to a news outlet.
Hackers took advantage of a cross-site scripting vulnerability that enabled them to insert code onto the popular video site's viewer-comments pages, IDG News Service said in a report. The hackers apparently had it in for Justin Bieber, focusing on clips related to the teen pop star, who's set to appear Sunday night on an NBC television celebration of the Fourth of July and who's reportedly one of the most popular attractions on YouTube.
According to IDG, a Google representative said the attackers' exploits would not have allowed them to access the Google accounts of YouTube visitors who encountered a hacked page. The representative said, though, that visitors should log out of their Google accounts and then log back in, just to be safe.
IDG also quoted a source who said that though the hack itself didn't involve malware, any landing pages to which visitors were redirected could have. The source said, however, that most antivirus software would be defense enough against that possibility.
Google said YouTube's comment sections were temporarily shut down in response to the hack.
"Comments were temporarily hidden by default within an hour [of discovering the problem], and we released a complete fix for the issue in about two hours," IDG quoted the company as saying. "We're continuing to study the vulnerability to help prevent similar issues in the future."