A number of well-known YouTube channels were hit by hackers this weekend in what apparently was a coordinated attack. According to ZD Net, a number of automotive YouTubers were hacked after a massive phishing expedition was unleashed on the car channel community.
ZD Net reported that the channels for Musafir (1.3 million YouTube subscribers), Troy Sowers (114,000 subscribers), maxtchekvids (48,000), PURE Function (39,000), and others had been affected. As of this writing, all of those YouTube channels were unavailable to view. And it appears that some of the YouTubers aren’t getting many answers.
“My Youtube Channel Got Hacked. Kindly Tag @youtubeindia And Tell Them About It Plus Tell Them To Get My Account Back As Soon As Possible,” Musafir wrote to his 88,000 Instagram followers.
https://www.instagram.com/p/B2t7vjWnsIC/
Wrote the Built channel on Instagram, “No news yet [YouTube] team must be off on the weekends.”
https://www.instagram.com/p/B2t2oAFnU-o/
“YouTube says ‘they’re working on it’ but I have not been able to get any additional information out of them,” Sowers wrote on Instagram. “I don’t know if it’s recoverable or if we have to start over. If we have to start over, you guys better be ready for some amazing content because I’ll be coming back better than ever!”
https://www.instagram.com/p/B2sj6kqBiHL/?igshid=pyw9v5n4la6h
ZD Net wrote that the attack appeared to be coordinated by hackers who apparently used emails to funnel users to fake Google login pages where they could then intercept the users’ credentials. Then, when the hackers got access to the YouTube channel accounts, they re-assigned them to new owners and effectively shut out the actual owners of the channels. The hackers continued by changing the YouTubers’ URLs so it appears the channel had been deleted.
YouTuber Life of Palos—who said that thousands of YouTube car channels received the phishing email chain—speculated that the hackers bypassed two-factor authentication on the affected channels by using a phishing toolkit called Modlishka that can capture the SMS codes sent by two-factor authentication. The PURE Function channel confirmed he was using two-factor authentication when he was hacked.
One expert told Forbes that no matter how clever the hacker is, they still need help from the person being affected.
“The vulnerability here is still the human,” James Houghton, the CEO of Phishing Tackle, said. “This attack relies on an individual clicking and following a click before checking the basics … [It’s a] lack of knowledge surrounding what to look out for in a phishing email and conversely what to look for in a legitimate email.”
READ MORE:
- YouTubers are exploiting Area 51 mania for content
- YouTube reverses decision to remove creators’ badges
- YouTuber to pay restitution after a teen fan died copying her video
H/T Forbes