Scores of high-profile YouTube accounts were hacked over the weekend in a “coordinated” phishing attack, according to an investigation by ZDNet.
The YouTube account hijacks appeared to target creators in YouTube’s car community, resulting in a flood of complaints on Twitter and YouTube’s support forum.
ZDNet reports that YouTube creators were lured onto sites that appeared to be Google login pages. The attackers then recorded the account credentials entered on the bogus page, giving them control of the account.
Then, the hackers re-assigned the YouTube channel to a new owner and changed the vanity URL, making it appear as though the channel had been deleted.
Jonathan Knudsen, senior security strategist at Synopsys, described the YouTube account hacks as “an escalation of a classic scheme, in which users are lured to fake login pages”.
“Cybercriminals are always looking for the weakest link in the cybersecurity protecting valuable assets; in this case, it was users,” he added.
YouTube accounts hacked: 2FA bypassed
There were also reports that the YouTube account hacks bypassed two-factor authentication, although the method for this has not been confirmed.
A hacker told ZDNet that it appeared “someone got their hands on an email list with addresses from a specific sector. My money is on someone hacking into one of those social media influencer databases”.
Sam Curry, chief security officer at Cybereason, said: “The massive scale attack against YouTube users is a reminder that hackers, whether they are affiliated with a nation-state, a rogue group or are working on their own, have to only be right once to successfully breach an organisation. Their persistence will result in success nearly all the time.
“The defenders of these attacks, whether they be enterprises or consumers, have to be right 100% of the time or run the risk of potentially damaging information loss and/or having the reputation of their brand tarnished.”
Verdict has reached out to Google, YouTube’s parent company, for comment.
“Without clicking on the link, the attackers have no gateway to your information, so it’s worth always taking pause to question the intention of an email and what it’s asking you to do,” advised ProPrivacy.com’s Damien Mason.
“If it’s asking you to take action, proceed to manually open the website in a new tab, directly from Google rather than clicking on links. Perpetrators rely on the victim’s value of convenience to get what they want.”