YouTube creators, particularly in the auto-tuning and car review community, have become target of a massive wave of account hijacks, a media report said on Tuesday.
The account hacks are the result of a coordinated campaign where hackers use phishing emails to lure victims on fake Google login pages from where they collect users’ account credentials, an investigation by ZDNet found.
Victims of the attacks that have hit the creator community over the weekend include several high-profile car reviewers, the report said.
A YouTube spokesperson, however, told that it has “not seen evidence of an increase in hacking attempts over the weekend.”
“We take account security very seriously and regularly notify users when we detect suspicious activity. We encourage users to enable two-factor authentication as part of Google’s account Security Checkup, which decreases the risk of hacking. If a user has reason to believe their account was compromised, they can notify our team to secure the account and regain control,” the YouTube spokesperson said in a statement.
Twitter, however, is flooded with complaints about missing channels from YouTube. Some users from India have also reported the atttacks.
“I am a subscriber & also a big fan of his work #Musafirakajoshi and Somebody hacked my brother Rahul joshi’s YouTube channel #Musafirakajoshi @YouTubeIndia Please get in touch with him as soon as possible. @YouTubeIndia And bring his channel back as soon,” wrote one Twitter user.
“The recent phishing attacks on YouTube are an escalation of a classic scheme, in which users are lured to fake login pages, where they enter legitimate credentials. Cybercriminals are always looking for the weakest link in the cybersecurity protecting valuable assets; in this case, it was users,” Jonathan Knudsen, Senior Security Strategist at Synopsys Integrity Group, said in statement.
According to a YouTube video from Life of Palos uploaded over the weekend, hackers were capable of bypassing two-factor authentication on users’ accounts.
Hackers targeting YouTubers might have used Modlishka, a reverse proxy-based phishing toolkit that can also intercept 2FA SMS codes, he suggested. The best proactive defence against such attacks is education. With the right knowledge, many fewer users would have fallen victim to these attacks.
“While SMS 2-factor authentication is better than no second factor, this incident is still a reminder of its weaknesses which is why NIST stopped recommending its use back in 2016,” said Bill Lummis, Technical Program Manager at HackerOne.
“It is important that the industry moves towards newer tools such as time-based One-time Password (TOTP), which recycles numbers every 30-90 seconds on a physical device, or Universal 2nd Factor (U2F), such as Yubikey, given that attacks like this will only become easier to execute over time,” Lummis said.
WhatsApp us
Pingback: make up tips
Pingback: 카지노사이트
Pingback: Darknet
Pingback: ca nhạc thiếu nhi vui nhộn con heo đất mèo
Pingback: Online Slots
Pingback: Dylan Sellers
Pingback: CBD Gummies
Pingback: uniccshop.bazar
Pingback: new pornotube
Pingback: imitation patek philippe for sale
Pingback: English To Russian Translation
Pingback: cbd oil for pain
Pingback: how to add transitions on video star
Pingback: Bitcoin Era Review
Pingback: Bitcoin Loophole Platform Review
Pingback: 먹튀검증하는법
Pingback: dumps store
Pingback: devops
Pingback: web Design Services for Branding
Pingback: replica watch
Pingback: rolex gmt master replica
Pingback: CI-CD
Pingback: sex and the city season 6 cast
Pingback: replica rolex
Pingback: rolex replica
Pingback: instagram account audit
Pingback: you could look here
Pingback: chaturbate schreiben
Pingback: bolton escort girls
Pingback: flirt hrvatska
Pingback: psychedelic magic mushroom types
Pingback: Daily Devotional & Blessings
Pingback: two blotters of lsd,
Pingback: valid dumps with pin
Pingback: cvv dumps 1000$