Possible phishing attack targets high-profile channels run by Barkha Dutt and Tanmay Bhatt.
YouTube channels of news organisation Mojo Story and comedian Tanmay Bhat were mysteriously deleted on Monday, erasing all the content created over years in a possible phishing attack targeting high-profile channels on the platform in recent months.
Mojo Story, the multimedia news website run by journalist Barkha Dutt, lost access to its account on Sunday, following which hackers deleted the entire content of the channel. Hours later, Mojo Story’s channel was restored, but some of its content had not been recovered.
“After hours of urging @TeamYouTube to act & being assured action is being taken, I woke up to find @themojostory channel content ALL DELETED by the hackers- four years of blood, toil, sweat, tears, 11 thousand videos, COVID work of 3 years, ALL GONE. I am heartbroken,” Barkha Dutt said on Twitter.
Similarly, Bhat complained on Twitter that hackers took control of his Google account, surpassing the 2-factor authentication. A YouTube search for his channel led to a channel named Tesla Corp. In the past, YouTubers have complained about similar attacks that turned their channels into a page of Tesla Corp., which has over 4.4 million subscribers and some 470 videos.
“We take account security very seriously. After being alerted by The Mojo Story of their account being compromised due to unauthorised activity, our teams investigated the cases. We worked closely with The Mojo Story to secure and restore the account,” a YouTube spokesperson told Business Standard.
The incident has alarmed content creators on YouTube who tried to ensure their backup was ready and well organised.
“Losing your content could be the worst nightmare for any YouTuber. We have been using object storage to maintain a backup of all our videos. Our team today made sure that the content is up there in the desirable format, such as separate files for raw footage, final edit etc., and also ensure the relevant metadata is added or linked to the uploaded video, including video title and tags,” said a videographer at an educational content provider.
Himanshu Pathak, managing director of cybersecurity consultancy CyberX9, said the accounts could be falling prey to attackers possibly due to reused and stolen credentials. It may also involve having malware on the admin’s device that steals the authentication cookies to take over the account, he said.
“These scams have been going on for months, and there have been reports they work through fake sponsors reaching out to creators. The YouTubers are then convinced to download a file related to the sponsorship, which is just malware designed to steal cookies, remotely control PCs, and ultimately hijack YouTube accounts,” Pathak said.
YouTube’s support page recommends users avoid responding to suspicious messages or pop-ups requesting users to write their password. It also suggests using a password manager and setting permissions specific to roles within the organisation.
“Users many times enter their credentials and even 2FA codes into phishing websites, which act and look like the original website. This results in attackers gaining access to your account, whether you have 2FA or not. Also if you have a compromised device or web browser you are using to access or authenticate to an application like YouTube, then no matter how hard the application is protecting its users, there will always be ways for attackers to gain access to your accounts when having control of your device,” Pathak said.
How to protect yourself from ransomware hackers
Here's what you can do to save your system from ransomware
All it takes is good coding skills and greed
5 tips for cashless India to protect online data
How not to get your credit/debit card hacked