Massive wave of account hijacks hits YouTube creators

mood · Sep 22, 2019

Massive wave of account hijacks hits YouTube creators
appears to be a coordinated attack
September 23, 2019
https://www.zdnet.com/article/massive-wave-of-account-hijacks-hits-youtube-creators/

Over the past few days, a massive wave of account hijacks has hit YouTube users, and especially creators in the auto-tuning and car review community, a ZDNet investigation discovered following a tip from one of our readers.

Several high-profile accounts from the YouTube creators car community have fallen victim to these attacks already. The list includes channels such as Built [Instagram post, YouTube channel], Troy Sowers [Instagram post, YouTube channel], MaxtChekVids [YouTube channel], PURE Function [Instagram post, YouTube Support post, YouTube channel], and Musafir [Instagram post, YouTube channel].

[...] especially over the weekend, with tens of complaints flooding Twitter [1, 2, 3, 4, 5, 6, 7, 8, 9, and many more] and the YouTube support forum [1, 2, 3, 4, 5, 6, 7, 8, 9, and many more].
COORDINATED CAMPAIGN BYPASSED 2FA
The account hacks are the result of a coordinated campaign that consisted of messages luring users to phishing sites, where hackers logged account credentials.
Click to expand...

Minimalist · Sep 24, 2019

Google pushes back on scale of YouTube phishing threat

YouTube’s owner Google has pushed back against suggestions that up to 23 million user accounts on the video platform may be at risk of falling victim to a targeted phishing campaign, following a number of reports of high-profile influencers – many but not all of them active within the online car tuning and modification community – having their accounts compromised.
Click to expand...

https://www.computerweekly.com/news/252471181/Google-pushes-back-on-scale-of-YouTube-phishing-threat

mood · Jun 4, 2020

YouTube channel credentials in high demand on hacker forums
June 3, 2020
https://www.bleepingcomputer.com/ne...-credentials-in-high-demand-on-hacker-forums/

An increasing number of offers for stolen YouTube credentials has been noted recently on hacker and cybercrime forums, where access to accounts is sold in bulk.
Sellers advertise large lists of credentials that are verified for the availability of a YouTube channel and subscriber count.

YouTube community support is filled with complaints from users that lost access to their channel and were demanded a ransom.
Researchers at IntSights external threat intelligence company found that there’s an increased demand in YouTube credentials on underground markets, which also fuels data verification side businesses.

One post advertised an auction a log for 990,000 YouTube active channels that started at $1,500; anyone paying $2,500 got it without contest. The seller was looking to cash in fast, like other actors, for fear of victims reporting the mischief and reclaiming access to their accounts.
Click to expand...

IntSights: Stolen YouTube Credentials Growing in Popularity on Dark Web Forums

But over the past few weeks, IntSights researchers have observed yet another new trend in black markets and cybercrime forums that has rapidly growing demand: stolen credentials for prominent YouTube accounts.

While there are many ways for the attackers to target YouTube channel owners, it seems the recent accounts were cropped from databases containing Google credentials as well as from malware-infected computers. In the past, attackers used sophisticated phishing campaigns in combination with reverse proxy toolkits like Modlishka to defeat Google’s two-step verification (one-time password).
However, none of the current sellers mention 2FA, which may mean these accounts did not opt in for this additional security step.
Click to expand...

Log in or Sign up

Massive wave of account hijacks hits YouTube creators

mood Updates Team

Minimalist Registered Member

mood Updates Team

Log in or Sign up

Massive wave of account hijacks hits YouTube creators

mood Updates Team

Minimalist Registered Member

mood Updates Team

Useful Searches