IN A NUTSHELL:
- YouTuber Jack "JackSucksatLife" Welsh used the exploit to get the Diamond Play Button, awarded to creators with over 10 million subscribers;
- To get the prize, he used a website meant for requesting replacement awards;
- Jack Welsh impersonated another YouTuber;
- The user notified the company manufacturing the awards of the loophole and it was promptly eliminated.
YouTuber Jack "JackSucksatLife" Welsh used an exploit to win an award that is given to creators with more than 10 million subscribers on the platform: the so-called Diamond Play Button. It is the penultimate award of this type; there is also the Red Diamond award, granted for crossing 100 million subscribers, which so far only PewDiePie and T-Series have received.
The Internet user in question has so far attracted 1.3 million users, so he was still a long way from receiving the diamond button. However, a friend (joshkapranos) told him how to outsmart the company and get the award earlier: it was necessary to enter a website where one can ask for a replacement of the award in case of its damage, loss or theft (for a fee - the button costs 3 thousand dollars). The website is available after entering a special code. The fraud also required impersonating another creator (in this case it was KSI) and modifying the URL in the browser.
It is noteworthy that Jack Welsh notified the award company of the security gap before the publication of his video on the subject. The exploit was eliminated.