According to a report by Catalin Cimpanu on ZDNet.com, over 23 million youtube accounts were compromised and breached by hackers including high profile car and auto influencers. The cybercriminals launched a coordinated effort to “hijack” these Youtube channels, and the amount of specific car related accounts being hacked shows there must have been a database of this specific sector exposed. In Cimpanu’s investigation, he mentions that the technique used by these hackers is quite common known as “phishing” and in this instance “spear phishing” and that although a lot of these influencers had two way verifying authentication on their passwords they were still by passed.
Cimpanu’s investigation breaks down just how this “Spear Phishing” probably happened:
First the cybercriminals use phishing emails to lure the victim (Youtube account) onto fake google login pages, collecting the information the victim enters. The hacker then “breaks” into the victim’s google account, giving access to their Youtube channel and any other important accounts or pages associated with their google login. The hacker easily reassigns accounts and channels to new owner. The Youtube channels specific URL is changed giving the owner and viewers the impression it was deleted.
A Forbes.com report by Davey Winder, which helped bring light to Cimpanu’s investigation, received a skeptical response from a Youtube representative. The Youtube spokesperson sent Winder, “We have not seen evidence of an increase in hacking attempts over the weekend. We take account security very seriously and regularly notify users when we detect suspicious activity.”
So while there are always two sides to every story and Youtube’s statement completely contradicts ZDNet.com’s investigation, the two arguments provide perfect example as to why consumers need to take caution and warning when considering the privacy and protection of their accounts. Even major tech companies struggle to constantly protect consumers’ information. You should always take matters into your own hands by frequently updating passwords and using acronyms or other security techniques that are more difficult to hack.