‘Massive’ Coordinated Campaign Hijacked Many YouTube Accounts

An anonymous reader quotes ZDNet: A massive wave of account hijacks has hit YouTube users, and especially creators in the auto-tuning and car review community, a ZDNet investigation discovered following a tip from one of our readers. Several high-profile accounts from the YouTube creators car community have fallen victim to these attacks already… But the YouTube car community wasn’t the only one targeted. Other YouTube creators also reported having their accounts hijacked last week, and especially over [last] weekend, with tens of complaints flooding Twitter and the YouTube support forum.

The account hacks are the result of a coordinated campaign that consisted of messages luring users to phishing sites, where hackers logged account credentials… Some users reported receiving individual emails, while others said they received email chains that included the addresses of multiple YouTube creators, usually from the same community or niche… Ryan Scott, the owner of the PURE Function YouTube channel confirmed he used two-factor authentication on his account, validating that hackers did bypass 2FA on some of the hacked accounts.

Google did not return a request for comment.


The article includes links to 9 different complaints in YouTube’s support forum — and another 9 complaints from Twitter — adding that they’d found “many more.”

MIT’s Technology Review reports that YouTube warned the owners of roughly 23 million channels to boost their security measures.