Skip to Content
MIT Technology Review

A cybercriminal group is hijacking high-profile YouTube channels

Category:
YoutubeYoutube

The owners of roughly 23 million channels on YouTube have been warned to boost their security measures.

The news: Many accounts belonging to well-known YouTubers within the car community seem to have been hijacked as part of a “massive” attack, according to an investigation by ZDNet. The attack, which started last weekend, has affected accounts and influencers across other YouTube channel genres, too, including technology, music, gaming, and Disney.

How it happened: It seems likely that it was a coordinated phishing campaign rather than a “spray and pray” operation, ZDNet reported. It appears that someone got hold of a database of YouTubers and sent emails to them, luring them to a fake Google login page. This was used to collect their Google account details, giving the attacker access to their YouTube accounts. Once that is done, the hacker can reassign the popular account to new owners and change the custom URL for the page, leaving the channel's original owner thinking the account has been deleted.

YouTube’s response: Despite the evidence contained in the ZDNet report, YouTube told Forbes it has “not seen evidence in an increase in hacking attempts over the weekend.”

The attack: The method was not particularly remarkable—these sorts of phishing emails are the standard tools of cybercriminals. However, the targets make it interesting. And it shows how vulnerable online influencers can be: a well-placed attack can wipe out their entire livelihood.