Stekeblad / Stekeblads-Video-Uploader

Easier bulk-uploading to Youtube
MIT License

Hack #26

Closed IAmRedJacket closed 3 years ago

IAmRedJacket commented 3 years ago

Not sure there's something you can do, but your app is used to hack and upload video on YouTube. My account was hacked and suspended because "Stekeblads Video Uploader" gained access to my Google account and uploaded fraudulent and misleading content. I'm just letting you know. Here is a screenshot (it is in French): https://i.imgur.com/FFGVZ74.png

Stekeblad commented 3 years ago

Hi @IAmRedJacket, someone has already posted an issue about this before and I have been investigating what I can.

I can't find anything that would allow someone to hack anyone because they used Stekeblads Video Uploader. Stekeblads Video Uploader cannot access a user's channel unless someone who is logged into that account gives it permission. Further, Stekeblads Video Uploader does not have permission to access anything except a YouTube channel, so if you see anything being done to your Gmail, Google Drive or anything else in your Google account, that can't be Stekeblads Video Uploader.

Stekeblads Video Uploader does not do anything to a user's channel unless the user tells it to do so; that is true if you use an official release from https://github.com/Stekeblad/Stekeblads-Video-Uploader/releases. The internet is full of bad guys releasing fake versions of other programs that do bad things.

Stekeblads Video Uploader is a powerful tool to make it easier to upload videos to YouTube. If normal users find something very useful then it's likely that criminals will think so too, and there is little we can do about it. My guess is that they first got into your account in some way and then afterwards used Stekeblads Video Uploader to upload that bad content to your channel, because that is faster and easier than going through YouTube's upload page.

I just released version 1.4.5 and made some changes that may disrupt anyone who uses Stekeblads Video Uploader to do bad things, but I am afraid it may only have a short-term effect and I do not know if I can do much more.

I hope you get your account and channel back and would like to suggest the following things to you, if you have not already done them. Change password, configure two-factor authentication, review your account recovery options and withdraw access granted to all third-party websites and apps like Stekeblads Video Uploader if you do not need them to have access.

vmw007 commented 3 years ago

The only reason I made a GitHub account right now is to report the same thing to you. I got hacked and the hacker uploaded an aim bot related video using my YouTube acc. Plz find out how this is happening and let me know how to secure my account. Do tell how the hacker managed to do this. I've never used ur app before or even heard of it. Also I already have 2FA auth since 2018. Dunno how they did this. I have a lot of personal things saved in my mail. Do u think they might have had access to my Gmail ?? :(

dixon21511 commented 3 years ago

I have been using this program since January and none of my accounts has ever been hacked. I have used more than one account during this time, and not one of my accounts has been hacked. Maybe it's not the program, but the fact that you lost your data somewhere else and it was used to upload videos? For the entire time of using this program, there has never been anything bad.

dixon21511 commented 3 years ago

I personally see it like this: you caught a virus somewhere and your Google accounts are used to upload videos, since only 100 videos per day are allowed to be uploaded to your account, and thus people allow themselves more videos on YouTube. The problem is not in the program but that you have lost your data somewhere; especially if you have never used this program, then the problem is definitely not in it.

vmw007 commented 3 years ago

> I personally see it like this: you caught a virus somewhere and your Google accounts are used to upload videos, since only 100 videos per day are allowed to be uploaded to your account, and thus people allow themselves more videos on YouTube. The problem is not in the program but that you have lost your data somewhere; especially if you have never used this program, then the problem is definitely not in it.

Even if that's the case, i.e. my username and pass might be compromised, still no one can login as I have 2FA enabled. So how did they manage to login and upload a video using ur program? Is there a way to create api and steal without logging into the acc?

Stekeblad commented 3 years ago

@vmw007 I am not a security specialist nor employed by Google, so I can't give you any direct help.

I guess the safest option is to assume the worst-case scenario, that they may have full access to your account, and act based on that until you can prove otherwise.

Accounts can be hacked in millions of ways. 2FA is a very good way to secure accounts but it's not perfect and there are still thousands of ways for a hacker to get in, many of them more difficult than the ones that only work without 2FA. Some techniques could allow a hacker to get access to an account without 2FA codes, the password or even knowing the email address/username.

A quick search gave me the following Google Support page for users that have been hacked: https://support.google.com/accounts/answer/6294825?hl=en

IAmRedJacket commented 3 years ago

@Stekeblad yeah, it's most certainly a problem on Google's part. I just wanted to make sure since I haven't seen any mention of it in the issues section of this GitHub.