September 29, 2016

Microsoft’s Official YouTube Channel Hacked – Raises Questions Over YouTube’s Security

(LiveHacking.Com) – Over the weekend Microsoft’s Official YouTube Channel was hacked  allowing the attackers to remove Microsoft’s videos and upload their own content. The hacker’s videos where typically about 4 seconds long and called on other YouTube users to post video responses or create new background images for the channel.

During the hack the channel’s description read, “I DID NOTHING WRONG I SIMPLY SIGNED INTO MY ACCOUNT THAT I MADE IN 2006 :/.”

Sophos noticed the following comment posted during the hack: 

This is how he “hacked” the channel: He legittly made the account Microsoft when youtube wasn’t that big but the REAL Microsoft probably asked Youtube to disable it and give it to them. The flaw is that this account was probably still linked to this kid’s email and microsoft forgot to change it or whatever.

So all this kid had to do was recover this account using his old email.

Not that hard. Thats probably how the other big Channels got “hacked”.

Although this is likely to be untrue, it does raise the question on the strength of YouTube’s security. Was this simply a case of an easy to break password or is there some vulnerability in YouTube’s site that is so far unknown to Google.

As of Monday, the channel is back to normal.