Both YouTube and iTunes app store appear to have been hacked, according to reports by many users around the web.

Apparently, one of the issues is in YouTube where fake Justin Bieber videos are being posted. In each of the video pages, there are comments containing malformed HTML, which is causing an XSS attack. Users will receive a popup notifying them that Justin Bieber 'has been in to a car accident and killed'. Immediate attention is being brought up by YouTube DEV team, and apparently has been fixed.

This thread is one of the many that were started on the YouTube support forum about the issue.

Now, moving on to the iTunes app store hack, for rankings and account hacks. There have been signs of an attacker hacking the ranking system of the books category. Also, many users are reporting on Twitter and other social sites that their iTunes account has been hacked. Apple is well aware of this issue, and is looking to resolve it immediately.

For now, stay tuned here for more updates as the day progresses.

Wow that's a bit of a shock.

HOW it happened?
it was a simple script exploit in the comments.
e.g.

Code:

<script>IF_HTML_FUNCTION?<h1><marquee><font color="red">(YOUR TEXT HERE)<script>

WHO did it?
I know some will bicker about this, but here is the brake down of what happened. after sniffing around the 4chan forms, it goes like this.

ebaumsworld started it. then 4chan got the news via /v/. they started playing with it on game videos, then /g/ had a go. and of course /b/ got it, and that was when all the vids started to get raped.

HOW do I know?
I know what i've found and their may be more or less. but I was on 4chan this morning watching the activity. there was over 2-3 threads (plus others that 404'ed) staying at the top of /b/, and if you go on 4chan you know that if a thread stays at the top of /b/ for a while. then that's some popular thread.

WHAT should I do?
I suggest that you change your password, because some were bragging that they got some browser cookies from the exploit. I'm shore it was common 4chan trolls, but still.

Video: http://www.youtube.com/watch?v=Mjoa1WY35bE

http://www.google.com/support/forum/p/youtube/thread?tid=74f80a21ff7b9ccb&hl=en

DragonMaster Jay wrote:Both YouTube and iTunes app store appear to have been hacked, according to reports by many users around the web.

Apparently, one of the issues is in YouTube where fake Justin Bieber videos are being posted. In each of the video pages, there are comments containing malformed HTML, which is causing an XSS attack. Users will receive a popup notifying them that Justin Bieber 'has been in to a car accident and killed'.

Doesn't surprise me. I read awhile back ago on MSN about celebrity names used in scams such as Britney Spears and of course Lindsay Lohan. But when aren't there news about good o'l Lindsay?

Those types of traps (for Britney, Lindsay, etc.) are for SEO poisoning attacks.

This type of attack was just a joke attack, where the moron implanted a hate stance to Justin Bieber. Mostly used for Social Engineering.