Several famous YouTube channel have been attacked over the weekend in highly organized cyberattacks and the hackers tend to specifically target influencers across several different types of platforms. Many techs, music, gaming, and Disney YouTubers took to Twitter to complain about their accounts being hacked, and the attack looks like a planned phishing operation.
Hackers got hold of a database, according to sources, and have been sending fake Google login pages to related email addresses. However, the pages gather address credentials, and those credentials are used to access YouTube accounts. The data is then passed to a new owner and the Channel’s URL address is changed, which makes the real owner and his subscribers believe their account has been deleted.
How this Cyberattack on YouTube happened?
It seems possible that it was not a “spray and pray” operation but a planned phishing campaign. Somebody seems to have gotten hold of a YouTuber database and sent them emails, luring them to a bogus Google login page. It has been used to gather information about their Google account, allowing the intruder access to their YouTube channels. When this is done, the hacker had reassign the famous account to new owners and had alter the page’s custom URL, leaving the original owner of the channel who believes the account has been deleted.
At least some of the accounts that were successfully compromised had employed two-factor authentication (2FA) for further security. This indicates that the attackers used a reverse proxy toolkit to intercept 2FA codes sent via SMS.
What's YouTube saying on these cyberattacks?
Despite the facts, YouTube told that it had “not seen signs of a rise in hacking attempts over the weekend.” However, the reality remains that now is a good time to heed the alerts about account hijacking and the alleged coordinated hacking campaign.
How do you secure your YouTube account from cyberattacks?
In the spirit of World Password Day, Teceze encourages all creators to back up their Google accounts’ protection. Unfortunately, we’ve seen a spike in the cyberattacks on YouTube channels over the past few months. We take protection seriously and want to help creators keep their accounts secure by enabling them to take these five steps, in addition to constantly enhancing our monitoring and systems:
1. Build a strong password
Using a secure password is a crucial factor in stopping a phishing attack. This will contain a mixture of uppercase, lowercase, numbers, symbols, and the maximum possible number. It’s also suggested that you change your password every three months if you can. This way you will be able to make sure the cybercriminals are stopped in their paths.
2. Frequently change your password
As if it needs to be repeated but be careful with your password – don’t use the same one you use on other sites and don’t write it down. In the digital world, we must dress warmly but the real world can be just as dangerous.
3. Fill a form on Google Recovery
It’s critical that you fill out your Google account with the recovery form. While you may not like the idea of giving the company your phone number, if you find that someone is trying to hack your account, it is a safe way to prevent bigger problems – you’re the only one who has access to the recovery code on your computer.
4. Be cautious with links
To begin with, be careful of any shortened link that reaches you, regardless of where it originates. Although most are secure, some conceal nasty surprises, like a malware that is automatically downloaded to steal information from your computer. Make sure you know where the link will take you to before clicking.
5. Don’t send your details through email
You should not trust emails that the password you access your YouTube account with will receive that request. In fact, if it comes from Google itself, be especially careful – an attack discovered a few months ago indicates that a malicious URL, in the guise of a corporate link, could get users to enter their information without knowing it.
In short, common sense and a bit of thoughtfulness will save you some huge headaches later when constructing your password. Simply search carefully where your personal details are entered, and that will avoid cybercriminals from getting their hands on them.
The only way to protect what you’ve worked hard to build is to be vigilant when it comes to cybersecurity. If you’d like to know more about how your business can benefit from managed services, just give us a call, we are here to help.