YouTube fixes bug that could've allowed hacker to delete any video

Just think of a world where Justin Bieber didn't exist on YouTube.

See also

13 best privacy tools for staying secure

From encrypted instant messengers to secure browsers and operating systems, these privacy-enhancing apps, extensions, and services can protect you both online and offline.

Read now

Now think of someone pocketing $5,000 after alerting Google to a bug that allowed a hacker to delete any Bieber video on the site?

That's "responsible" disclosure. But we can still dream of a quiet, Bieberless world.

Security researcher Kamil Hismatullin received the top-tier reward after he reported to the company how he could delete any video by spoofing the site into thinking he owned a video.

After hunting for cross-site scripting flaws, he stumbled upon a logical bug that allowed him to delete videos by entering a video ID against any session token.

By all accounts, it's a relatively simple bug to find, and to exploit.

Google's security team fixed the bug that day, and granted Hismatullin the four-figure sum shortly after for his disclosure.

A similar bug appeared in Facebook's own systems a few weeks ago, one that was also promptly fixed. A relatively simple bug could've allowed a hacker or malicious actor to delete any photo on the social networking site.