Ted Ranosa, Tech Times

Several prominent YouTube creators may have unwittingly been victimized by a massive wave of account hijacking, according to a cybersecurity report.

News about a possible YouTube account hacks have been circulating on social media over the past few days. The cyberattacks seemingly targeted a number of well-known car enthusiast channels at first, but it's now being reported that they may have also disrupted other interest channels as well.

Phishing Attacks Against YouTubers

In an article by ZDNet, the recent account hijackings may have stemmed from a coordinated phishing attack.

One YouTuber was lucky enough to retrieve access to their account. They said YouTube staff sent them additional information about how phishing attacks are usually carried out.

The security warning said that hackers often use fake emails to lure targets on fake Google login pages. This is where they would collect their victim's account credentials. The criminals would then use the information to break into Google accounts.

Hackers often change the YouTube account settings to re-assign the channel to a new owner. They also change the channel's vanity URL to make it appear to the original account owner and their followers that it had already been deleted.

Phishing attacks usually involve the use of different types of messages. Some users said they received bogus individual messages, while others claimed that they got email chains that had the addresses of a number of YouTube creators. Most of these email addresses are usually taken from the same YouTube community or niche.

This is what appears to have befallen several YouTubers that are members of the car community. Some channels, such as Built, Troy Sowers, MaxtChekVids, PURE Function, and Musafir, have been deleted from the video streaming website.

Creators from other niche communities have also gone on Twitter to complain about the recent hackings. Many of them asked YouTube's help in retrieving access to their channels, but the website's tech team has yet to reach out to all the victims.

Bypassing Two-Factor Authentication

YouTube channel Life of Palos reported that the hackers behind the account hijackings may have been able to bypass the two-factor authentication on user accounts.

While the channel claimed that the criminals may have used a reverse proxy-based phishing toolkit known as Modlishka to execute their attacks, there's no evidence to suggest that this is actually the case. The scam may have also been launched using other similar phishing toolkits, as noted by ZDNet.

Google has yet to issue a statement regarding YouTubers' claims about the account hijackings.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Tags: Youtube Hacking Cybersecurity
Join the Discussion

Related Article