On September 24, 2019, ZDNet researchers revealed that many YouTube creators have become victims to large-scale account hijacks. The attackers have mostly targeted content creators in the auto-tuning and car review community. Victims received phishing emails using fake Google login pages, and collected users' credentials. Once they know the account details, hackers log in and change the vanity URL of the channel so that the owners are unable to access it.
Attackers resorted to several different ways of luring victims. Some received individual emails while some received email chains that included the addresses of YouTube creators from the same community, which gave the appearance of it being legitimate. The surprising part was that hackers were able to bypass two-factor authentication on their accounts. According to Life of Palos, a car-based channel owner, the hackers might have used reverse proxy-based Modlishka phishing toolkit to carry out these attacks.
A hacker named Askamani, a member of OGUsers, told ZDNet that it appears as though the perpetrators must have somehow obtained access to a database with all the credentials. He said that the hackers must quickly sell the stolen accounts before YouTube recovers all the hijacked accounts. So far, Google has not made any statement on the issue.
Subscribe to our digest to get your weekly dose of cyber security updates straight to your inbox.
You will receive weekly cybersecurity news soon!
© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.