A Vevo spokesperson told Gizmodo that the company “can confirm that Vevo experienced a data breach as a result of a phishing scam via Linkedin. We have addressed the issue and are investigating the extent of exposure.”
The OurMine hacker squad has claimed responsibility for the breach. They hijacked WikiLeaks’ DNS, took over HBO’s Twitter account, and last year they took over Mark Zuckerberg’s Twitter and Pinterest accounts.
Vevo is a joint venture between Universal Music Group, Sony Music Entertainment, Abu Dhabi Media, Warner Music Group, and Google’s parent company Alphabet Inc. Over 3 TB worth of internal files have been posted online, and a couple of the documents reviewed by Gizmodo appear sensitive.
OurMine typically uses social engineering to hack people because, well, it can. The group’s primary goal is demonstrating to companies that they have weak security. In this case, the hackers managed to compromise an employee account for Okta, the single sign-on workplace app. Full story at Gizmodo.
And again, this is a textbook example of how stepping employees through new-school security awareness training can prevent horrendous cost, lost time, and class-action lawsuits.
You should get a quote and find out how surprisingly affordable this is. Join 13,000 of your peers that use KnowBe4 to phish their users. It's actually fun to do!
