YouTube Creators Hit by a Major Account Takeover Attack

YouTubers Hit by an Account Takeover Attack

Individual users fall victims to phishing and lose access to their online accounts on a daily basis, and this sort of thing rarely makes the news. When an attack is aimed at some of the most influential names in an entire community, however, it is bound to attract more attention. We seem to be in the middle of one such attack.

Last week, Catalin Cimpanu, a ZDNet reporter, was told that quite a few prominent YouTube channels followed by large numbers of car enthusiasts appeared to have been deleted. Cimpanu took a look, and he quickly realized that there is indeed a large-scale campaign targeting popular content creators that produce videos dedicated to all things automotive. The attack started at the beginning of last week, and it hit channels like Troy Sowers (which had 115 thousand subscribers according to Social Blade), Built (which had 130 thousand subscribers according to the owner's own calculations), and MaxtChekVids (which had about 50 thousand subscribers according to the owner's Instagram bio). At first, only creators from the automotive community were targeted, but by the end of last week, YouTubers producing other types of content also started complaining.

YouTubers fall for a phishing scam

YouTube account owners will be relieved to hear that the accounts weren't taken over due to a data breach at the world's most popular video sharing platform. The channels were hijacked because their owners got tricked into entering their login details at a phishing page. According to the owner of the Built channel, the crooks were "very convincing" and pretended to be ad salesmen.

Apparently, using some social engineering, the phishers managed to fool the content creators into clicking a link and going to what appeared to be Google's login page. Once the hackers had the victim's usernames and passwords, they would log into the targeted YouTube accounts and would first change the email address and all the other contact details saved by the owner. After that, they would change the channel's custom URL to make it look as if it'd been deleted.

The criminals knew what they were doing

Although the attack has already received a lot of media attention, none of the channels have been recovered as of the time of writing. The affected content creators are in constant contact with Google, but they all say that they haven't been given an ETA on when (and if) the channels will be put back under their control. We are talking about popular, monetized channels which means that their owners are losing money because of the attack. This is where we need to ask if they had done everything they can to protect them.

Well, at least some of them claim that they had two-factor authentication enabled at the time of the attack, which means that the crooks somehow managed to get past it. There's plenty of speculation around how they managed to do it, with some people claiming that a sophisticated phishing tool named Modlishka was involved. This information can be neither confirmed nor disproved, though. Not least because surprisingly or not, YouTube doesn't seem too concerned about what is undoubtedly a rather serious attack.

Forbes' Davey Winder requested a comment from YouTube representatives who told him that they have seen no spikes in hacking attempts. This, you have to agree, is odd considering all the evidence which suggests that YouTubers are targeted by a well-coordinated phishing attack.

Catalin Cimpanu wanted to learn more about it which is why he got in touch with one of the people who frequent internet forums that facilitate the trade of phished login credentials. Cimpanu's source (who goes by the nickname Askamani) said that whoever launched the campaign probably had access to a large database of influencers' contact details. This is something content creators should definitely bear in mind.

The hacker also said that the attackers will probably be in a hurry to sell the channels before their owners are let back in. YouTube could really do worse than be even quicker with helping victims get their accounts back.

By Duran
September 24, 2019
News
English
September 24, 2019
News

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

How To

How to Delete Your Airbnb Account Permanently

Airbnb‌,‌ ‌I‌n‌c‌.‌, is a US online market and hospitality service brokerage firm based in San Francisco, California. Members of AirBnB can use the marketplace to set up or offer lodging, which are mostly homestays,... Read more

June 26, 2019
How To

How to Recover Forgotten Rocketmail Account Password

Did you know that RocketMail was one of the Internet's biggest email service providers since the 90s? Some of you younger readers might not even have been born yet, but the 90s was a magical time of bad fashion,... Read more

May 8, 2019
How To

How to Reset Your Slack Account Password

Slack has seen a lot of change and growth since its launch in August 2013, gaining popularity for its brand and establishing itself as one of the best means of business communication within a company. As it stands... Read more

May 16, 2019
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.