Yesterday was anything but relaxing for the YouTube team as they rushed to patch a vulnerability in the site's comment system. Slashdot reports that placing a tag at the beginning of a post allows users to run scripts on the page when the video starts playing.
"The tag itself is escaped, but everything following it is cheerfully placed in the page as is. Blacked out pages with giant red text scrolling across them, shock site redirects, and all sorts of other fun things have been spotted," writes Soulskill.
Though hackers didn't exclusively target one particular artist or YouTube user, it appears Canadian pop singer Justin Bieber and his fans were on the receiving end of a lot of the trickery; several videos showed a pop-up that said Bieber had died in a car crash.
Google said the problem was fixed about two hours after it was discovered.
"We took swift action to fix a cross-site scripting (XSS) vulnerability on youtube.com," a spokesperson said. "Comments were temporarily hidden by default within an hour, and we released a complete fix for the issue in about two hours."
It's still not certain who was behind the attacks, but a number of Websites say the folks at 4Chan are to blame for this one. The Next Web has screenshots from a 4Chan thread which suggests the group could be to blame for the incident.