The Large YouTube Hack from "#OurMine"

KatyAdelson

I Love YTtalk
Staff member
Joined
Mar 13, 2015
Messages
7,166
Reaction score
6,855
Location
Colorado
Channel Type
Musician
:eek: There was a giant YouTube hack on April 13th where a group of hackers changed the video title and description of hundreds of YouTube videos. Here is an article about the incident:
https://www.digitalmusicnews.com/2017/04/14/ourmine-youtube-hack-heres-protect-account/

It appears that a YouTube Network, Studio71, was targeted, and many YouTubers from the network had their accounts hacked and video titles & descriptions changed to a URL and hashtag about "OurMine." Apparently the hackers had no intent to be malicious with their changes and, according to the article, were planning to restore everything back to the way it was. Some YouTubers who were attacked said that YouTube was also working to restore the titles and descriptions, but that they weren't sure what that would do to their comments and views that happened since the last backup. I'm not sure which restore happened first (the hackers restore, or YouTube's restore), but at least everything was restored!

Here's a picture from the article:



I'd imagine that these YouTubers have had a rather substantial decrease of their video SEO rankings during this whole ordeal, and it's scary to think that this could happen on such a large scale. This also reveals that the YouTube security is rather weak. Although changing a video title/description is annoying, I find it more concerning that a lot of YouTubers have their telephone verification and personal information tied to their accounts in some form, yet how "easy" it seemed to be for the hackers to access their accounts. I always thought having the telephone number verification check would add a layer of security, but with this hack showing the possibility to hack a section of Google on a massive scale, maybe it's not such a good situation that Google has so much documented information on all of their users. I think it's been more of an attack through Studio 71 rather than Google, but either way it's scary how this has happened across so many channels...

What are your thoughts about this? I think it's scary that the hackers were able to pull this off on so many channels, and I'm expecting to see a lot more of this kind of stuff in the future....
 

XXLRay

I Love YTtalk
Joined
Jul 24, 2014
Messages
2,335
Reaction score
984
Channel Type
Other
Say don't say a word about phone verification so I guess this may not have been enabled. Furthermore they advise to use strong passwords for all accounts that may administer your channel. So my best guess is that this hasn't been the case.
So what do I think about this case? People are way too careless when it comes to internet security. Especially celebrities seem to not realize that they are an interesting target for hackers. In my eyes not caring for security (enough) is about the same as not caring for community guidelines. If you don't do your homework you are busted.
 
  • Like
Reactions: KatyAdelson

KatyAdelson

I Love YTtalk
Staff member
Joined
Mar 13, 2015
Messages
7,166
Reaction score
6,855
Location
Colorado
Channel Type
Musician
I agree that it seems like it was a bit careless on someone's part, but I also suspect it was a hack through a 3rd party that has password access to the accounts (Studio71), rather than just YouTubers being careless with their security and telephone verification... A lot of people use tools linked to their accounts that could be targeted, and it's crazy to see how quickly this all happened. :eek:
 
  • Like
Reactions: KiddieToysReview

TheSwedishTraveler

I am a Traveler, A Wanderer, A Thinker
Joined
Jan 12, 2015
Messages
6,221
Reaction score
2,411
Age
37
Channel Type
Vlogger
I heard the hackers did it to promote their own channel (which the url link in the titles were sent to). And earlier today, Youtube shut down the hacker´s channel!

I feel it´s a bad way to promote your channel, did they really think they would go far with that line of promotion?
 
  • Like
Reactions: KatyAdelson

Lightsen

Animation Yey!
Joined
Oct 24, 2014
Messages
2,728
Reaction score
2,007
Location
UK
Channel Type
Animator
they didn't need a password and phone, the channels werent hacked. When joining some MCNs they allow them access to their channel. This usually included analytics and video manager where they can edit title and descriptions.
they could have denied access as soon as they heard about the hack and would have been safe.
 

KiddieToysReview

I Love YTtalk
Joined
Dec 20, 2015
Messages
1,439
Reaction score
1,792
Channel Type
Youtuber
Explains the email from our Yt brand manager over the Easter weekend asking us to double check 2-step verification is enabled! I though it odd they would be working Saturday.[DOUBLEPOST=1492340240,1492340047][/DOUBLEPOST]
A lot of people use tools linked to their accounts that could be targeted, and it's crazy to see how quickly this all happened. :eek:
That's actually a scary thought. Although I trust Yt with security, can we be certain TubeBiddy, VidIQ, etc, etc, can't be hacked?
I wonder if this is an isolated incident or more may be on the way. Perhaps it's prudent to revoke all 3rd party access, only enable access when using the apps, hence decreasing susceptibility from 24 hours to 1 or 2 per day?
 
  • Like
Reactions: KatyAdelson

WolfWraith

I Love YTtalk
Joined
Aug 28, 2013
Messages
5,678
Reaction score
1,971
Location
Australia
Website
www.youtube.com
Channel Type
Gamer
Say don't say a word about phone verification so I guess this may not have been enabled. Furthermore they advise to use strong passwords for all accounts that may administer your channel. So my best guess is that this hasn't been the case.
So what do I think about this case? People are way too careless when it comes to internet security. Especially celebrities seem to not realize that they are an interesting target for hackers. In my eyes not caring for security (enough) is about the same as not caring for community guidelines. If you don't do your homework you are busted.
Problem is, they did it through the network, not through the creators' actual accounts, when you assign a network permission over your account, it's full control (as far as I know), but they only change things like monetisation they won't touch descriptions & such. So hack the network & you have control of the accounts that are a part of it, no matter how strong the security is for each individual account. The only way they could have been more secure would be to not be part of a network which is kind of silly if they're big Youtubers. This just goes to show, YouTube will need to implement stronger security between networks & the accounts they manage. They should probably add the feature to revoke app permissions in a more prominent spot, most of the people effected probably wouldn't have known where to find it.

They say their intent wasn't malicious but I think that's a crock of s**t. They knew what they were doing & a lot of YouTubers unfortunately will suffer for it.

Although I trust Yt with security, can we be certain TubeBiddy, VidIQ, etc, etc, can't be hacked?
http://www.tubefilter.com/2017/04/14/ourmine-hacks-studio71-roman-atwood-lilly-singh-logan-paul/ Nope, they are not safe. As long as the permissions are for full control. Apps like that I can understand having full control but Networks have no need to be able to modify your description, title or any SEO aspect. Should be monetisation and that's it.
"OurMine first began to target the YouTube community in earnest last November, when it hit channels like iJustine, KittiesMama, and The Bajan Canadian through VidIQ, a video optimization platform."
 

KiddieToysReview

I Love YTtalk
Joined
Dec 20, 2015
Messages
1,439
Reaction score
1,792
Channel Type
Youtuber
Problem is, they did it through the network, not through the creators' actual accounts, when you assign a network permission over your account, it's full control (as far as I know), but they only change things like monetisation they won't touch descriptions & such. So hack the network & you have control of the accounts that are a part of it, no matter how strong the security is for each individual account. The only way they could have been more secure would be to not be part of a network which is kind of silly if they're big Youtubers. This just goes to show, YouTube will need to implement stronger security between networks & the accounts they manage. They should probably add the feature to revoke app permissions in a more prominent spot, most of the people effected probably wouldn't have known where to find it.

They say their intent wasn't malicious but I think that's a crock of s**t. They knew what they were doing & a lot of YouTubers unfortunately will suffer for it.


Nope, they are not safe. As long as the permissions are for full control. Apps like that I can understand having full control but Networks have no need to be able to modify your description, title or any SEO aspect. Should be monetisation and that's it.
"OurMine first began to target the YouTube community in earnest , when it hit channels like iJustine, KittiesMama, and The Bajan Canadian through VidIQ, a video optimization platform."
Crap that aint good.
Ok, revoking all access to 3rd party apps on our accounts now. Until can get a better understanding of what can be hacked - can they delete videos via Tubebuddy access permissions?
 
  • Like
Reactions: chottom

TheDutchTexan

I Love YTtalk
Joined
May 5, 2014
Messages
3,074
Reaction score
1,585
Location
Plano, TX
Channel Type
Youtuber
That is why I will never join a network. 1: All they do is steal revenue and 2. They are a security risk. People must be so glad they joined up with Studio71 right now!
 
  • Like
Reactions: KatyAdelson

Shendijiro

(┛ಠ_ಠ)┛彡┻━┻
Joined
Jul 19, 2013
Messages
8,635
Reaction score
5,484
Location
Puerto Rico
Channel Type
Youtuber, Gamer, Commentator, Reviewer, Designer, Animator, Other
Damn this guys never seem to want to give up huh? They always seem to want to hack away other channels but I don't kwon there purposed for it, I know once they stole money but now they just seem to do it to promote? And yeah once you join a network they can manage your account videos but not your account per-se
 
  • Like
Reactions: KatyAdelson