Massive phishing wave of account hijacks hits YouTube creators


Over the past few days, a massive wave of account hijacks has hit YouTube users, and especially creators in the auto-tuning and car review community, a ZDNet investigation discovered following a tip from one of their readers.

But the YouTube car community wasn't the only one targeted. Other YouTube creators also reported having their accounts hijacked last week, and especially over the weekend, with tens of complaints flooding Twitter.


The account hacks are the result of a coordinated campaign that consisted of messages luring users to phishing sites, where hackers logged account credentials.

According to a channel owner who managed to recover their account before this article's publication and received additional information from YouTube's staff, we got some insight into how the full attack chain might have gone down.

  • Hackers use phishing emails to lure victims on fake Google login pages, where they collect users' account credentials
  • Hackers break into Google accounts
  • Hackers re-assign popular channels to new owners
  • Hackers change the channel's vanity URL, giving the original account owner and his followers the impression that their account had been deleted

ZDNet reported that hackers were capable of bypassing two-factor authentication on users' accounts. He suggested that hackers might have used Modlishka, a reverse proxy-based phishing toolkit that can also intercept 2FA SMS codes.

However, this is only hearsay, and there is no actual evidence to confirm that hackers used Modlishka specifically. There are plenty of reverse proxy-based phishing toolkits around that can do the same. The full story is at ZDNet:


Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews