By Benjamin Solomon, Staff Writer
Vevo’s YouTube accounts consist of some of the most watched on YouTube. These accounts legally host music videos from artists like Taylor Swift, Adele, Rihanna, and others. Vevo itself is a joint venture between Universal Music Group, Sony Music Entertainment, and Warner Music Group.
On April 10, hackers calling themselves Prosox and Kuroi’sh gained access to some of these accounts and altered some videos. They changed titles, descriptions, and thumbnails in addition to deleting some videos. Affected videos included those belonging to Drake, Katy Perry, Shakira and more.
The hackers deleted the video for the song “Despacito” by Luis Fonsi and Daddy Yankee, the first video on YouTube to get more than five billion views and (as of now) the most views ever. According to the Verge, before it was deleted “The video’s image was altered and replaced with a masked gang holding guns (from Netflix show Casa de Papel).”
Another notable change was that several videos had the titles changed to say things like “FreePalestine” and “hacked by prosox & koroi’sh.”
Twitter accounts claiming to belong to the hackers took credit for the changes. One, @Prosoxhacker, tweeted that “for us it was just a game.” Another, @ProsoxW3B, said “Its just for fun i just use script ‘youtube-change-title-video’ and i write ‘hacked’ don t judge me i love youtube <3.”
YouTube stated that the security breach was not due to an issue with their platform, rather the result of the hackers somehow gaining the passwords to these accounts.
Wired.com suggested that the breach may have been a result of phishing. Phishing often comes in the form of an email that impersonates a legitimate email and encourages you to click a link – often bringing you to a fake login page to steal your password.
Phishing is hacking in the sense of social engineering and manipulation. All it would take is for Vevo’s accounts to not use two-factor authentication (like login verification from either phone or email) and for one employee to fall for a phishing email.
YouTube released a statement that said, “After seeing unusual upload activity on a handful of Vevo channels, we worked quickly with our partner to disable access while they investigate the issue.”
A release from Vevo said, “Vevo can confirm that a number of videos in its catalogue were subject to a security breach today, which has now been contained. We are working to reinstate all videos affected and our catalogue to be restored to full working order. We are continuing to investigate the source of the breach.”
Vevo has since returned all of the videos to their unaltered state and claims to have fixed its security vulnerabilities, and YouTube has instated the deleted videos and view counts.