YouTubers are increasingly concerned about a channel that is potentially putting other accounts at risk by simply interacting with a friendly comment: “wanna be friends?”
Spotlighting the issue was YouTuber ‘Evanz11’ who noticed a recurring theme across videos on the platform who had a relatively smaller reach or audience. Without fail, they would find the same comment, or closely structured ones, on uploads made by an account called ‘logan.’
“Thousands of people have lost their entire channels from this one, innocent comment,” Evanz said. “And it's one of the largest security breaches I’ve seen YouTube go through.”
The prevailing theory suggests that the person behind logan, as well as suspicious alternate names such as ‘Triby’ or ‘Sounds,’ just to name a few, figured out a way to somehow gain enough access to other people’s YouTube accounts to simulate organic channel growth.
“If you look at his first few videos, you’ll see his Comments [section is] just nothing,” Evanz explained. “Things people would literally never comment… Yeah, the real way he grew his channel so large was using bots. They’re all bots, but bots using real accounts. Your accounts.”
It is unknown how logan/Triby is seemingly gaining access to accounts that simply interact with the “wanna be friends” comments on other people’s videos.
Mutahar Anasnote from the ‘SomeOrdinaryGamers’ channel looked into the suspicious activity and believes the problem is a bit more nuanced.
According to Mutahar, the YouTube breach could be tied to the OAuth token system that lets accounts from different services interact and manipulate each other with prior user consent.
When linking accounts, apps will ask for permission to run the ‘tokens’ that it needs to perform its duties. There are some tokens, however, that ask for the ability to see, edit, or delete YouTube videos, ratings, comments, and captions in order to perform its functions.
While apps that ask for these permissions are not inherently malicious or bad, Mutahar believes logan found an exploit to use this token, or one like it, for the purposes of gaining surface-level access to other accounts.
For the time being, YouTubers are self-monitoring and unlinking their accounts to any third-party app that asks for these kinds of permissions as more evidence suggests that one of those services might have been compromised.