Security News

Coordinated Attack Targets and Hijacks High Profile YouTube Accounts

High-profile accounts from the YouTube creators car community have been hacked and hijacked in what appears to be a coordinated attack, with one YouTube car enthusiast claiming that around 100,000 users were targeted.

ZDNet reports that those affected received a phishing email that sent them to a fake Google login page, which collected the users' account details. With this information, the hackers broke into the users' Google account and re-assigned the channel to a new owner/s, who then changed the channel's vanity URL, so the original user (and their followers) thought the account had been deleted.

The owner of one YouTube channel even had a two-factor authentication on his account, prompting speculation that hackers used a reverse proxy-based phishing toolkit.

One hacker, who is active on a forum known for trafficking hacked accounts, said the hacked accounts have all the signs of being 'regular business': "These campaigns targeting car accounts are something normal. Someone got their hands on an email list with addresses from a specific sector. My money is on someone hacking into one of those social media influencer databases."

The hacker suggested keep a watch on OGUsers and the Russian forums: "These accounts need to be dumped really quick before YouTube gives them back to their original owners. You need to sell hacked accounts real quick before they become worthless."

. . .

If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.

Receive alerts for vulnerabilities, zero-days, security news and more

Try our FREE 14-day trial. See an example email

Example email for SecAlerts