There was a post that talked about it but..
This problem has slowly been growing and is up to 50 accounts ranging from 10k to 960k subs. Underneath is the link/screenshot (as of 2:30pm est) to a complied google spreadsheet to all the accounts that have been hacked.
It is still being edited and adding more accounts
https://docs.google.com/spreadsheets/d/1PhmslGsUkOgPmCrmzcI1s8ZErE2Q5KcPBCCtF9admgg/edit#gid=1716791528
The current situation known is that this exploits explained by one of the youtubers that have been hacked
Facts so far:
1. It was a program run probably similar to the previous post mentioned above.
2. Program was run it under a VPN
3. It was in a sotware vault via an antivirus quarantine partition where it was analyzed and was said to safe to run
4. The program was launched and the antivirus came with a positive afterwards and was "chested", but it was too late.
5. It did NOT show the "Did you sign in with google" with the google authentication app with the ip and location.
(EDITED: Since its a super detail that i forgot to add, 2FA was on)
6. Youtube account hacked and not being able to sign in. Google account also being hacked.
7. Being taken over via scams. Having their accounts completely changed. Videos being deleted, hidden if lucky
Not confirmed yet:
This program knew the targets location and spoofed it.
Might be a cookie hack/phishing of some sort.
The same account email from the previous post above
So far, very few creators have gotten their channels back. Youtube clearly gives a priority of caring the $$$ channels over the smaller ones.
Google does not have a multi factor email like Outlook,
where it asks you for your phone and a second email when security info questions are needed to be answered.
It is only reliant of an app with gives a specific code. Meaning there was a way to bypass it and gain full access.
Something that YOUTUBE has to be called out to change, because it will keep continuing unless enough voices are heard.
Let me ask you this, what if it happens to your favorite Youtuber next?
______________________________________________________________________________________________________________________________________________________________________________________________ EDITED AS OF 02-29-2020 1:24PM
After this article was posted, I have to add additional key information.
The malware was involved the fact that its using session cookies instead of stealing pw info.
The 2-factor authentication can be circumvented by disabling it using the session cookie because it doesn't ask for re-authentication is the main issue here.
It also changes the account email without any re-authentication
This isnt an issue of how youtubers handel their security. Its the fact that this is how youtube and google handle their 2FA. Its a security flaw.
