Stolen Youtube Channels UP to 50 accounts hacked

There was a post that talked about it but..

 

This problem has slowly been growing and is up to 50 accounts ranging from 10k to 960k subs. Underneath is the link/screenshot (as of 2:30pm EST) to a compiled Google spreadsheet of all the accounts that have been hacked.

It is still being edited, with more accounts being added.

 

https://docs.google.com/spreadsheets/d/1PhmslGsUkOgPmCrmzcI1s8ZErE2Q5KcPBCCtF9admgg/edit#gid=1716791528
 

The current known situation is this exploit, as explained by one of the YouTubers who have been hacked.

 

Facts so far:
1. It was a program run probably similar to the previous post mentioned above. 

2. The program was run under a VPN

3. It was in a software vault via an antivirus quarantine partition where it was analyzed and was said to be safe to run

4. The program was launched and the antivirus came with a positive afterwards and was "chested", but it was too late. 

5. It did NOT show the "Did you sign in with google" with the google authentication app with the ip and location.
(EDITED: Since it's a super detail that I forgot to add, 2FA was on)

6. Youtube account hacked and not being able to sign in. Google account also being hacked.

7. Being taken over via scams. Having their accounts completely changed. Videos being deleted, hidden if lucky

 

Not confirmed yet:

This program knew the targets location and spoofed it.

Might be a cookie hack/phishing of some sort. 

The same account email from the previous post above

 

So far, very few creators have gotten their channels back. YouTube clearly gives priority to caring for the $$$ channels over the smaller ones.

 

Google does not have a multi factor email like Outlook, where it asks you for your phone and a second email when security info questions need to be answered.

It is only reliant on an app which gives a specific code. Meaning there was a way to bypass it and gain full access.

Something that YOUTUBE has to be called out to change, because it will keep continuing unless enough voices are heard.

Let me ask you this, what if it happens to your favorite Youtuber next?

 

______________________________________________________________________________________________________________________________________________________________________________________________
EDITED AS OF 02-29-2020 1:24PM
After this article was posted, I have to add additional key information. 

The malware involved the fact that it's using session cookies instead of stealing pw info.

The main issue here is that the 2-factor authentication can be circumvented by disabling it using the session cookie, because it doesn't ask for re-authentication.

It also changes the account email without any re-authentication.

This isn't an issue of how YouTubers handle their security. It's the fact that this is how YouTube and Google handle their 2FA. It's a security flaw.

 

 


 

Edited by CousinVinny
More details that was found out
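
The issue described in the edit above (a replayed session cookie being enough to disable 2FA or change the account email) is what step-up re-authentication on the server side addresses. The following Python is an added example, not part of the original post and not Google's code; the `Session` class, the function names, the 300-second window and the sample cookie value are assumptions made for illustration.

```python
"""Step-up re-authentication for sensitive account actions (constructed example)."""

SENSITIVE_ACTIONS = {"disable_2fa", "change_email"}  # the two actions named in the post
REAUTH_WINDOW = 300  # seconds; assumed policy value, not a documented Google setting


class Session:
    def __init__(self, user, last_reauth_at):
        self.user = user
        self.last_reauth_at = last_reauth_at  # when password + 2FA were last verified


def authorize_cookie_only(sessions, cookie, action):
    """Behaviour the post describes: a valid session cookie authorizes any action."""
    return cookie in sessions


def authorize_with_step_up(sessions, cookie, action, now):
    """Hardened check: sensitive actions also need a recent proof of identity."""
    session = sessions.get(cookie)
    if session is None:
        return False, "no_session"
    if action not in SENSITIVE_ACTIONS:
        return True, "session_ok"
    age = now - session.last_reauth_at
    if age < 0 or age > REAUTH_WINDOW:
        return False, "reauth_required"
    return True, "recent_reauth"


def complete_reauth(sessions, cookie, password_ok, second_factor_ok, now):
    """Refresh the re-auth timestamp only when both factors verify."""
    session = sessions.get(cookie)
    if session is None or not (password_ok and second_factor_ok):
        return False
    session.last_reauth_at = now
    return True


def demo():
    # Constructed data: owner signed in with 2FA at t=0; the cookie is replayed at t=7200.
    sessions = {"cookie-abc": Session("creator", last_reauth_at=0)}
    now = 7200
    return {
        "weak_disable_2fa": authorize_cookie_only(sessions, "cookie-abc", "disable_2fa"),
        "hard_view": authorize_with_step_up(sessions, "cookie-abc", "view_channel", now),
        "hard_disable_2fa": authorize_with_step_up(sessions, "cookie-abc", "disable_2fa", now),
        "hard_change_email": authorize_with_step_up(sessions, "cookie-abc", "change_email", now),
    }
```

In `demo()` the replayed cookie still reaches ordinary pages, but both sensitive actions come back as `reauth_required` until `complete_reauth` succeeds with the password and the second factor.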

gmail/YouTube/google accounts do have the option for 2 factor; SMS, google app on trusted mobile, key generating app and usb/rfid ones.

as bad as I feel for them and while yes youtube needs to do something this comes down to them not having good security measures.

 

shit from a site i don't know VM or linux time.

 

 

Good luck, Have fun, Build PC, and have a last gen console for use once a year. I should answer most of the time between 9 to 3 PST

NightHawk 3.0: R7 5700x @, B550A vision D, H105, 2x32gb Oloy 3600, Sapphire RX 6700XT  Nitro+, Corsair RM750X, 500 gb 850 evo, 2tb rocket and 5tb Toshiba x300, 2x 6TB WD Black W10 all in a 750D airflow.
GF PC: (nighthawk 2.0): R7 2700x, B450m vision D, 4x8gb Geli 2933, Strix GTX970, CX650M RGB, Obsidian 350D

Skunkworks: R5 3500U, 16gb, 500gb Adata XPG 6000 lite, Vega 8. HP probook G455R G6 Ubuntu 20. LTS

Condor (MC server): 6600K, z170m plus, 16gb corsair vengeance LPX, samsung 750 evo, EVGA BR 450.

Spirt  (NAS) ASUS Z9PR-D12, 2x E5 2620V2, 8x4gb, 24 3tb HDD. F80 800gb cache, trueNAS, 2x12disk raid Z3 stripped

PSU Tier List      Motherboard Tier List     SSD Tier List     How to get PC parts cheap    HP probook 445R G6 review

 

"Stupidity is like trying to find a limit of a constant. You are never truly smart in something, just less stupid."

Camera Gear: X-S10, 16-80 F4, 60D, 24-105 F4, 50mm F1.4, Helios44-m, 2 Cos-11D lavs


3 minutes ago, GDRRiley said:

gmail/YouTube/google accounts do have the option for 2 factor; SMS, google app on trusted mobile, key generating app and usb/rfid ones.

as bad as I feel for them and while yes youtube needs to do something this comes down to them not having good security measures.

 

shit from a site i don't know VM or linux time.

 

 

I do believe that big youtubers like that would use 2fa but not sure how many did... the point remains... youtube needs to up its security


1 minute ago, Donut_Thunder said:

I do believe that big youtubers like that would use 2fa but not sure how many did... the point remains... youtube needs to up its security

it's nothing new, this thing has been done for years. LTT had it happen in 2016 or 2017.

Really all this means is that google should roll out an option to disable password reset online.


8 minutes ago, GDRRiley said:

it's nothing new, this thing has been done for years. LTT had it happen in 2016 or 2017.

Really all this means is that google should roll out an option to disable password reset online.

but do people care about the small youtubers? sure they care about the big ones, but i guarantee you linus couldn't give a rats butt that youtube is hacked yet again. people (including youtube) will not do a thing because they don't care. what would you do if it was you that was hacked? they deleted one account and i guarantee you it won't be the last. they quickly restored the 4+ million sub user but not the 10k. why should they care about someone whose career is youtube but has only 100k subs?

 


it's not about how many subs you have. i already can't stand the security bullshit phone sms stuff. if i could i would delete my gmail account forever. i can't sign on at work because i cannot use my phone at work, bullshit.

it's an issue with a product of google. i would think anyone who makes a mistake on a product, no matter how many a person has bought, should fix it. or service


37 minutes ago, rabbitanarchy14 said:

i cannot use my phone at work

That's the BS right there, not what google does....

 

/ON

I feel sorry for them but it's their fault for not using the extra security that is readily available for them. They just need to enable it...


That's so bad though. Nothing I would've lost myself haha. 

| Ryzen 7 7800X3D | AM5 B650 Aorus Elite AX | G.Skill Trident Z5 Neo RGB DDR5 32GB 6000MHz C30 | Sapphire PULSE Radeon RX 7900 XTX | Samsung 990 PRO 1TB with heatsink | Arctic Liquid Freezer II 360 | Seasonic Focus GX-850 | Lian Li Lanccool III | Mousepad: Skypad 3.0 XL / Zowie GTF-X | Mouse: Zowie S1-C | Keyboard: Ducky One 3 TKL (Cherry MX-Speed-Silver)Beyerdynamic MMX 300 (2nd Gen) | Acer XV272U | OS: Windows 11 |


12 hours ago, GDRRiley said:

gmail/YouTube/google accounts do have the option for 2 factor; SMS, google app on trusted mobile, key generating app and usb/rfid ones.

as bad as I feel for them and while yes youtube needs to do something this comes down to them not having good security measures.

 

shit from a site i don't know VM or linux time.

Joker claimed to have 2FA enabled but it didn't matter as it was a session hijacking virus which also escaped a virtual machine???


3 minutes ago, TrigrH said:

Joker claimed to have 2FA enabled but it didn't matter as it was a session hijacking virus which also escaped a virtual machine???

Escaping a VM is usually hard to do


12 hours ago, Donut_Thunder said:

I do believe that big youtubers like that would use 2fa but not sure how many did... the point remains... youtube needs to up its security

That depends on how these accounts are being stolen. It's possible these people fell for social engineering or got a keylogger malware on their pc, in which case there isn't much yt can do other than encourage the use of 2fa.

4 minutes ago, GDRRiley said:

Escaping a VM is usually hard to do

It depends, if you have shared folders it's not that hard.

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*


5 minutes ago, Sauron said:

That depends on how these accounts are being stolen. It's possible these people fell for social engineering or got a keylogger malware on their pc, in which case there isn't much yt can do other than encourage the use of 2fa.

It depends, if you have shared folders it's not that hard.

In the case of Joker, they pretended to be a VPN company wanting to advertise their software, fake website/business with session hijacking malware pretending to be a VPN program.


I noticed Pledis' Seventeen was on that list. Seventeen is a K-pop boygroup - which contrary to the name, involves 13 members - and they're owned by Pledis Entertainment, who also formerly housed Pristin, one of the most anticipated new-generation girl groups to ever exist, until Pledis made them disband after having 2 years of nothing to do.

 

Pledis is one of if not the most hated Korean music companies because of the way they treat their artists, especially in the case of Pristin like I mentioned above, who were severely mistreated and never given any proper attention to fully convey their musical style, presence, and growth to the world.

 

So yeah, Pledis sucks.

mechanical keyboard switches aficionado & hi-fi audio enthusiast

switch reviews  how i lube mx-style keyboard switches
