ZDNet reporter Catalin Cimpanu recently conducted an investigation and issued a warning to YouTube creators against a potential massive hack attack. As per the investigation, countless YouTube channels belonging to the car genre were recently compromised. Additionally, creators running other types of channels including Technology, Gaming, Disney and Music complained about being hacked.
Cimpanu’s investigation indicates towards a well-crafted phishing campaign. Speaking to a member of an internet forum known for hosting communications between account hackers, Cimpanu found out that someone had gained access to a “real nice database” and the attacks could be linked with it.
The influencers get tricked with emails leading them to a fake Google login page (which appears as highly authentic at first glance). Once the influencers submit their login details, they get sent to the attackers and the account holders are given the impression that their accounts have been taken down.
Some of the compromised accounts had been using two-factor authentication (2FA), according to the ZDNet report. This points towards the hackers using a reverse proxy toolkit to catch the 2FA codes sent to the users via text.
The CEO of Phishing Tackle James Houghton was quite impressed with this phishing campaign but said that no matter how impressive and well-coordinated the attacks have been, everything depends on the user following the instructions of the phishing email and that it all comes down to the target not investigating the authenticity of the email content.
Jake Moore, cybersecurity specialist at ESET, says that although the emails look highly authentic, small signs such as the presence of a link in the email body or finding the purpose of the email are enough reasons for the targets to save themselves from proceeding with the instructions in the phishing email.
Back to Houghton however, he states that the URL of the fake Google login page wasn’t looked at properly as it would probably be different from the original Google account page’s address. Earlier, lack of an HTTPS certificate for a site, represented by a green padlock in the browser address bar used to alert the users about a fake page/site. But with the removal of Extended Valid (EV) Certification information in the address bar, it’s not something a user can rely on to spot a fake address anymore.
Jake Moore still stresses on the importance of 2FA and suggests that people should use it but it should be an authenticator app and not a code sent via text.
Security researcher Sean Wright supports the use of Universal 2nd Factor (U2F) tokens for 2FA. Additionally, highly followed influencers should turn to Google’s Advanced Protection Program. This could restrict the access of some third-party apps but a tightened Google account security should be the main priority.
A YouTube spokesperson said that the company hasn’t witnessed an increase in hacking attempts over the weekend. However, it was mentioned in their statement that YouTube takes its account security very seriously and if a user has any reason to believe that their account was hacked, they could reach out to the security team to regain access and secure it. The spokesperson also asked users to utilize 2FA.
The spokesperson’s statement sounds a little odd as the ZDNet report claims that the hacking attempts were higher than ever during the weekend. Anyways, the YouTube creators should take note of the warning and proceed carefully from here on and prevent sharing their login details without proper investigation.
Photo: SASCHA STEINBACH / EPA-EFE/ REX / ShutterstockPho
Read next: Concerning Times Ahead for Facebook and YouTube as a New Report Accuses the Platforms of Having a Steroid Problem!
Cimpanu’s investigation indicates towards a well-crafted phishing campaign. Speaking to a member of an internet forum known for hosting communications between account hackers, Cimpanu found out that someone had gained access to a “real nice database” and the attacks could be linked with it.
The influencers get tricked with emails leading them to a fake Google login page (which appears as highly authentic at first glance). Once the influencers submit their login details, they get sent to the attackers and the account holders are given the impression that their accounts have been taken down.
Some of the compromised accounts had been using two-factor authentication (2FA), according to the ZDNet report. This points towards the hackers using a reverse proxy toolkit to catch the 2FA codes sent to the users via text.
The CEO of Phishing Tackle James Houghton was quite impressed with this phishing campaign but said that no matter how impressive and well-coordinated the attacks have been, everything depends on the user following the instructions of the phishing email and that it all comes down to the target not investigating the authenticity of the email content.
Jake Moore, cybersecurity specialist at ESET, says that although the emails look highly authentic, small signs such as the presence of a link in the email body or finding the purpose of the email are enough reasons for the targets to save themselves from proceeding with the instructions in the phishing email.
Back to Houghton however, he states that the URL of the fake Google login page wasn’t looked at properly as it would probably be different from the original Google account page’s address. Earlier, lack of an HTTPS certificate for a site, represented by a green padlock in the browser address bar used to alert the users about a fake page/site. But with the removal of Extended Valid (EV) Certification information in the address bar, it’s not something a user can rely on to spot a fake address anymore.
Jake Moore still stresses on the importance of 2FA and suggests that people should use it but it should be an authenticator app and not a code sent via text.
Security researcher Sean Wright supports the use of Universal 2nd Factor (U2F) tokens for 2FA. Additionally, highly followed influencers should turn to Google’s Advanced Protection Program. This could restrict the access of some third-party apps but a tightened Google account security should be the main priority.
A YouTube spokesperson said that the company hasn’t witnessed an increase in hacking attempts over the weekend. However, it was mentioned in their statement that YouTube takes its account security very seriously and if a user has any reason to believe that their account was hacked, they could reach out to the security team to regain access and secure it. The spokesperson also asked users to utilize 2FA.
The spokesperson’s statement sounds a little odd as the ZDNet report claims that the hacking attempts were higher than ever during the weekend. Anyways, the YouTube creators should take note of the warning and proceed carefully from here on and prevent sharing their login details without proper investigation.
Photo: SASCHA STEINBACH / EPA-EFE/ REX / ShutterstockPho
Read next: Concerning Times Ahead for Facebook and YouTube as a New Report Accuses the Platforms of Having a Steroid Problem!
