I've watched some of the videos made about this but I'm highly skeptical of the "wormish" nature of this.
The claim is that by clicking the profile link or replying to the bot that comments stuff like "wanna be friends" on most youtube videos will place your own google account at the risk of getting hacked which, if true, would be a truly monumental security failure and also completely nonsensical to be used to just apparently boost some random channel subscribers count and not to do much bigger damage across the platform.
The claims also suggests that even accounts with 2fa are then easily hacked which would also suggest that the entire Google's authentication platform is flawed which I also have a difficulty believing. I'm sure that over the next few days we'll get some more details about this and will probably be nothing more that the regular phishing/scam/sms auth/credential stuffing hacks we've seen over and over again with (mostly) less security conscious and tech savvy people.
Still concerning from my non-youtuber point of view is the fact that these bots are apparently commenting on videos even before they are public which may suggest some sort of API or feed problem somewhere. Anyway, if this is in fact happening as suggested it's pretty serious and will probably become huge news. Still doubt it though.
The claim is that by clicking the profile link or replying to the bot that comments stuff like "wanna be friends" on most youtube videos will place your own google account at the risk of getting hacked which, if true, would be a truly monumental security failure and also completely nonsensical to be used to just apparently boost some random channel subscribers count and not to do much bigger damage across the platform.
The claims also suggests that even accounts with 2fa are then easily hacked which would also suggest that the entire Google's authentication platform is flawed which I also have a difficulty believing. I'm sure that over the next few days we'll get some more details about this and will probably be nothing more that the regular phishing/scam/sms auth/credential stuffing hacks we've seen over and over again with (mostly) less security conscious and tech savvy people.
Still concerning from my non-youtuber point of view is the fact that these bots are apparently commenting on videos even before they are public which may suggest some sort of API or feed problem somewhere. Anyway, if this is in fact happening as suggested it's pretty serious and will probably become huge news. Still doubt it though.