In the recent weeks, several YouTube channels have been hijacked. Most of these hijacks happened within the cars review and the vehicle tune - up communities. Some victims of these attacks include: Built, Troy Sowers, MaxtChekVids, PURE Function and Musafir. Although the main source, this was not the community under attack. These hacks have caused an uproar on social media throughout the Twitter and YouTube Support Forum.
The accounts being hacked were results of a coordinated attacks which lure users with messages to phishing websites which logged their credentials.
Users had received individual emails, while others received email chains. The Hackers bypassed 2FA (Two Factor Authentication.) It is said they used a reverse proxy-based phishing toolkit that can intercept 2FA SMS codes.
ZDnet has followed up with YouTube staff and have a general idea of the attack chain used below:
Many of the hijacked sites have a traffic surge of hackers selling the accounts to the highest bidder. YouTube must regain ownership of these compromised accounts and in turn place ownership back with the original owners.
ZDNet also spoke with a hacker named Askamani, active on OGUsers, an internet forum known for trafficking access to hacked accounts.
Askamani said that the campaign that targeted members of the YouTube car community has all the signs of "regular business."
Later Askamani states that someone must’ve hacked a social media influencer database.
Remember to stay safe on social media platforms! Only include the information that is necessary.
Designated as a Center for Academic Excellence in Information Systems Security Education by the US National Security Agency, UAT offers an ethical hacking degree that’s highly recognized by industry and government entities alike.
Catalin Cimpanu. (n.d.). Retrieved from https://www.zdnet.com/meet-the-team/u/catalin.cimpanu/
Cimpanu, C. (2019, September 23). Massive wave of account hijacks hits YouTube creators. Retrieved from https://www.zdnet.com/article/massive-wave-of-account-hijacks-hits-youtube-creators/
Technology News, Analysis, Comments and Product Reviews for IT Professionals. (n.d.). Retrieved from https://www.zdnet.com/