If you were on YouTube yesterday trying to search for Despacito, you probably would have noticed that it was no longer available. In its place, you would have found an image like this:
Before you ask, No, Luis Fonsi and Daddy Yankee did not shoot another video for the most viewed YouTube video of all time. Rather, it seems that this was the work of a group of hackers. Calling themselves Prosox and Kuroi’sh, the hackers managed to infiltrate the Vevo’s YouTube account and deface a number of music videos.
What exactly is Vevo?
In case you were wondering, Vevo (short for Video Evolution), is an American multinational video hosting service. They host music videos from Universal Music Group and Sony Music Entertainment on both YouTube and the company’s website. As a result of the attack by the hackers, music videos from artists such as Chris Brown, Shakira, DJ Snake, Selena Gomez, Drake, Katy Perry and Taylor Swift were all defaced with accompanying titles and thumbnail images.
While it still remains to be seen whether the hackers gained access to the artist’s individual Vevo accounts or the Vevo network itself, it appears that one of the hackers did claim that they used a script to edit the video titles. Most people thought that it was YouTube that was the subject of the hack. But YouTube and Vevo both confirmed that the hack was aimed at Vevo. They also added that the hack didn’t affect any YouTube videos apart from those on Vevo’s channels.
History repeats itself with Vevo
Back in September 2017, Vevo was has hacked once again. This time, approximately 3.12 Terabytes of internal files were published online. Once again, it had no impact on YouTube, just Vevo. The hack was carried out by a group calling themselves OurMine. The group was responsible for the hacks on BuzzFeed, TechCrunch and Mark Zuckerber’s Twitter and Pinterest accounts as well.
According to Prof. Alan Woodward, who is a cybersecurity expert from Surrey University, the hack was possible via a number of authorization codes that were stolen from Vevo’s internal systems. In order to upload or edit video content with code, an authorization token is required. So either the hackers found a way to bypass the need for an authorization code, or they got permission some other way. An inside job, perhaps? I guess we’ll just have to wait and find out.
Since the attack almost 20 hours ago, most of the Vevo channels and related music videos have been rectified and their thumbnails have been replaced with the original ones. It still begs the question of how the hackers managed to do it and if they can do it again.
What are your thoughts on this? Leave a comment below