Vevo to review security after YouTube feeds for Lil Nas X Justin Bieber, and others were hacked

On Tuesday morning, YouTube channels for some of the world’s biggest stars showered fans with strange music videos. Vevo channels for artists like Lil Nas X, Eminem, Drake, Taylor Swift, Ariana Grande, Harry Styles, The Weeknd, Michael Jackson, Kanye West, and many others were affected. The channels in question have subscriber counts that add up to hundreds of millions. Before the videos disappeared, viewers saw bizarre clips of Paco Sanz, a Spanish conman sentenced to two years in jail after being convicted of fraud for lying about having terminal cancer, and rapper Lil Tjay.

YouTube did not respond to requests for comment from The Verge; however, Vevo — which bills itself as “the world’s leading music video network” — did acknowledge the incident. A spokesperson responded to contact via Vevo’s public press information and requested not to be named, citing the “nature” of the incident. They said in a statement that “Some videos were directly uploaded to a small number of Vevo artist channels earlier today by an unauthorized source.”

Besides noting that the videos are gone, they also claimed, “No pre-existing content was accessible to the source. While the artist channels have been secured and the incident has been resolved, as a best practice Vevo will be conducting a review of our security systems.”

Another Vevo-related breach in 2018 saw popular music videos defaced, while the then-most-viewed YouTube video of all time, “Despacito” (it is now second, behind “Baby Shark”), was vandalized and briefly removed.

Google and YouTube have recently focused on trying to secure popular channels. Last year a report highlighted a phishing campaign targeting creators, YouTube required millions of popular channels to enable two-step verification, and Google says it gave away hardware authentication keys to over 10,000 high-risk users.

Despite those precautions, an apparent compromise somewhere along Vevo’s pipeline allowed the attacker, who pointed to their Twitter handle @lospelaosbro in the posts, to continue uploading across high-profile channels for several hours.

The artists or the people who operate their pages were likely unable to do anything about the issue. Vevo’s artist information page explains that it works by creating a separate verified Artist Channel to upload videos, and YouTube merges that content with videos on the artist’s own YouTube page. A support page states that “Vevo does not provide access directly to artists.” Instead, independent content providers or the artist’s music label will upload the content to Vevo, which sends it to YouTube and other channels.

Related Posts

Nomad crypto bridge loses $200 million in chaotic hack

After a few quiet months, it’s happened again: another blockchain bridge hack with losses in the hundreds of millions of dollars. Nomad, a cryptocurrency bridge that lets…

US federal courts were reportedly hit by another data breach

The federal courts’ document system was hit by a breach with a “startling breadth and scope” in early 2020, according to a report from Politico that cites…

Google like Amazon may let police see your video without a warrant

Arlo, Apple, Wyze, and Anker, owner of Eufy, all confirmed to CNET that they won’t give authorities access to your smart home camera’s footage unless they’re shown…

Now Microsoft Office is blocking macros by default

There’s been a bit of back and forth since the change was originally announced, but this week Microsoft started rolling out an update to Microsoft Office that…

Romanian hacker faces US trial over virus for hire service

The Department of Justice (DOJ) announced today that it had extradited dual Romanian / Latvian national Mihai Ionut Paunescu — known as “Virus” — to the US…

China linked hackers are exploiting a new vulnerability in Microsoft Office

A newly discovered vulnerability in Microsoft Office is already being exploited by hackers linked to the Chinese government, according to threat analysis research from security firm Proofpoint….

Leave a Reply

Your email address will not be published.

Adblock Detected

Please consider supporting us by disabling your ad blocker

Refresh Page
x