The Large YouTube Hack from "#OurMine"

K

KatyAdelson

I Love YTtalk
Staff member
:eek: There was a giant YouTube hack on April 13th where a group of hackers changed the video title and description of hundreds of YouTube videos. Here is an article about the incident:
https://www.digitalmusicnews.com/2017/04/14/ourmine-youtube-hack-heres-protect-account/

It appears that a YouTube Network, Studio71, was targeted, and many YouTubers from the network had their accounts hacked and video titles & descriptions changed to a URL and hashtag about "OurMine." Apparently the hackers had no intent to be malicious with their changes and, according to the article, were planning to restore everything back to the way it was. Some YouTubers who were attacked said that YouTube was also working to restore the titles and descriptions, but that they weren't sure what that would do to their comments and views that happened since the last backup. I'm not sure which restore happened first (the hackers restore, or YouTube's restore), but at least everything was restored!

Here's a picture from the article:

ourmine_youtube_acct.jpg


I'd imagine that these YouTubers have had a rather substantial decrease of their video SEO rankings during this whole ordeal, and it's scary to think that this could happen on such a large scale. This also reveals that the YouTube security is rather weak. Although changing a video title/description is annoying, I find it more concerning that a lot of YouTubers have their telephone verification and personal information tied to their accounts in some form, yet how "easy" it seemed to be for the hackers to access their accounts. I always thought having the telephone number verification check would add a layer of security, but with this hack showing the possibility to hack a section of Google on a massive scale, maybe it's not such a good situation that Google has so much documented information on all of their users. I think it's been more of an attack through Studio 71 rather than Google, but either way it's scary how this has happened across so many channels...

What are your thoughts about this? I think it's scary that the hackers were able to pull this off on so many channels, and I'm expecting to see a lot more of this kind of stuff in the future....
 
Say don't say a word about phone verification so I guess this may not have been enabled. Furthermore they advise to use strong passwords for all accounts that may administer your channel. So my best guess is that this hasn't been the case.
So what do I think about this case? People are way too careless when it comes to internet security. Especially celebrities seem to not realize that they are an interesting target for hackers. In my eyes not caring for security (enough) is about the same as not caring for community guidelines. If you don't do your homework you are busted.
 
I agree that it seems like it was a bit careless on someone's part, but I also suspect it was a hack through a 3rd party that has password access to the accounts (Studio71), rather than just YouTubers being careless with their security and telephone verification... A lot of people use tools linked to their accounts that could be targeted, and it's crazy to see how quickly this all happened. :eek:
 
I heard the hackers did it to promote their own channel (which the url link in the titles were sent to). And earlier today, Youtube shut down the hacker´s channel!

I feel it´s a bad way to promote your channel, did they really think they would go far with that line of promotion?
 
they didn't need a password and phone, the channels werent hacked. When joining some MCNs they allow them access to their channel. This usually included analytics and video manager where they can edit title and descriptions.
they could have denied access as soon as they heard about the hack and would have been safe.
 
Explains the email from our Yt brand manager over the Easter weekend asking us to double check 2-step verification is enabled! I though it odd they would be working Saturday.[DOUBLEPOST=1492340240,1492340047][/DOUBLEPOST]
KatyAdelson said:
A lot of people use tools linked to their accounts that could be targeted, and it's crazy to see how quickly this all happened. :eek:
Click to expand...

That's actually a scary thought. Although I trust Yt with security, can we be certain TubeBiddy, VidIQ, etc, etc, can't be hacked?
I wonder if this is an isolated incident or more may be on the way. Perhaps it's prudent to revoke all 3rd party access, only enable access when using the apps, hence decreasing susceptibility from 24 hours to 1 or 2 per day?
 
XXLRay said:
Say don't say a word about phone verification so I guess this may not have been enabled. Furthermore they advise to use strong passwords for all accounts that may administer your channel. So my best guess is that this hasn't been the case.
So what do I think about this case? People are way too careless when it comes to internet security. Especially celebrities seem to not realize that they are an interesting target for hackers. In my eyes not caring for security (enough) is about the same as not caring for community guidelines. If you don't do your homework you are busted.
Click to expand...
Problem is, they did it through the network, not through the creators' actual accounts, when you assign a network permission over your account, it's full control (as far as I know), but they only change things like monetisation they won't touch descriptions & such. So hack the network & you have control of the accounts that are a part of it, no matter how strong the security is for each individual account. The only way they could have been more secure would be to not be part of a network which is kind of silly if they're big Youtubers. This just goes to show, YouTube will need to implement stronger security between networks & the accounts they manage. They should probably add the feature to revoke app permissions in a more prominent spot, most of the people effected probably wouldn't have known where to find it.

They say their intent wasn't malicious but I think that's a crock of s**t. They knew what they were doing & a lot of YouTubers unfortunately will suffer for it.

KiddieToysReview said:
Although I trust Yt with security, can we be certain TubeBiddy, VidIQ, etc, etc, can't be hacked?
Click to expand...
http://www.tubefilter.com/2017/04/14/ourmine-hacks-studio71-roman-atwood-lilly-singh-logan-paul/ Nope, they are not safe. As long as the permissions are for full control. Apps like that I can understand having full control but Networks have no need to be able to modify your description, title or any SEO aspect. Should be monetisation and that's it.
"OurMine first began to target the YouTube community in earnest last November, when it hit channels like iJustine, KittiesMama, and The Bajan Canadian through VidIQ, a video optimization platform."
 
WolfWraith said:
Problem is, they did it through the network, not through the creators' actual accounts, when you assign a network permission over your account, it's full control (as far as I know), but they only change things like monetisation they won't touch descriptions & such. So hack the network & you have control of the accounts that are a part of it, no matter how strong the security is for each individual account. The only way they could have been more secure would be to not be part of a network which is kind of silly if they're big Youtubers. This just goes to show, YouTube will need to implement stronger security between networks & the accounts they manage. They should probably add the feature to revoke app permissions in a more prominent spot, most of the people effected probably wouldn't have known where to find it.

They say their intent wasn't malicious but I think that's a crock of s**t. They knew what they were doing & a lot of YouTubers unfortunately will suffer for it.


Nope, they are not safe. As long as the permissions are for full control. Apps like that I can understand having full control but Networks have no need to be able to modify your description, title or any SEO aspect. Should be monetisation and that's it.
"OurMine first began to target the YouTube community in earnest , when it hit channels like iJustine, KittiesMama, and The Bajan Canadian through VidIQ, a video optimization platform."
Click to expand...

Crap that aint good.
Ok, revoking all access to 3rd party apps on our accounts now. Until can get a better understanding of what can be hacked - can they delete videos via Tubebuddy access permissions?
 
That is why I will never join a network. 1: All they do is steal revenue and 2. They are a security risk. People must be so glad they joined up with Studio71 right now!
 
Damn this guys never seem to want to give up huh? They always seem to want to hack away other channels but I don't kwon there purposed for it, I know once they stole money but now they just seem to do it to promote? And yeah once you join a network they can manage your account videos but not your account per-se
 
You must log in or register to reply here.
Back
Top