Date: 2020-08

If you've been keeping up with tech news this week, you've likely heard about, or seen first-hand, how several YouTube channels have succumbed to a widespread cyberattack. Over the course of the last week or so, many channels have had their security compromised by attackers, who have taken to broadcasting fake live streams advertising Bitcoin scams. In many ways, the attack echoes a recent breach on Twitter which generated thousands of dollars in scammed Bitcoin after a Twitter employee was paid off to give hackers access.

Yet the YouTube saga is very different from the recent Twitter breach in a number of ways, most significantly in YouTube's seemingly lax response to the problem. We caught up with three major YouTube creators to find out exactly what happened to their channels, and what happened when they went to YouTube for help. Whilst the details of the hacks themselves vary slightly, one core theme remains. All of them feel totally let down by YouTube.

I spoke with Craig Groshek, director/owner of Chilling Entertainment, and the administrator of Chilling Tales for Dark Nights, an audio horror entertainment channel of more than 1,500 videos and 340k subscribers, about what happened. Not only was Craig a victim of the hack, but he has also been vocal on Twitter in trying to get help for many of the other creators who have been caught up in the scandal. Two such channels are 'itsAamir' and 'PapaFearRaiser'. Between the two of them, they have nearly two million subscribers. Like Groshek, Aamir and Jordan Antle (PapaFearRaiser) both had their channels compromised, and they too kindly agreed to share their stories.

What happened?

Aamir, Antle, and Groshek all discovered that their YouTube accounts had been compromised over the course of the last couple of weeks. All three channels were found to be broadcasting live Bitcoin scam videos encouraging users to send Bitcoin to a BTC address with the promise that the money would be doubled. The videos looked like the below image. All three also found that most, if not all, of their YouTube videos had been made private, and their channels had been rebranded. This was common across all of the hacks we've seen on YouTube.

"My channel was compromised on July 29, 2020, at around 4 PM CT," says Groshek. "Hijackers totally bypassed 2FA and did not change my passwords, or attempt to redirect my AdSense. Rather, they set all my videos to private except for three, and put up Bitcoin scams live, and changed my name to Tesla, as well as my logo. They removed all my playlists and channel connections, and emptied my channel description."

Many were quick to cry SIM swapping and some kind of 2FA bypass as some of these hacks unfolded. However, the stories of all three of our creators here reveal a far more sinister mode of operation. In the run-up to their channels being compromised, Aamir, Antle, and Groshek all received emails from companies, purportedly offering them sponsorship deals to plug software on their channels.

"Two weeks ago, I got a sponsor email, where I was told to advertise 'Resolve 16' video editor on my channel," explains Aamir. Turns out, the email was fake. After speaking first over email, and then WhatsApp, Aamir was given a download link to the software. Lured in by the seemingly genuine operation, Aamir tried to run the software on his PC, only to be met with an error message, then nothing. At this point, he knew something was amiss.

Antle (PapaFearRaiser) tells a similar story:

"I essentially received what appeared to be a 'professional' business email. This was someone saying they represented a company called Magix Studios and were offering me a business opportunity to promote their product. Once I agreed they sent me over the product link to download (which I assumed would be safe as I've done this sort of thing before and it was 100% legit) and once I downloaded the WinRAR file and opened it up, nothing had happened."

Like Aamir, Antle knew something wasn't right about the software he'd just clicked on. Within 60 minutes, his entire YouTube channel had been compromised.

Jordan received a chilling chain of emails: first that the recovery phone for his channel had been changed, then that 2FA had been turned off and back on again, then that his password had been changed and a new device had logged in. A backup code was used to sign into the channel, and then another new device alert came through. Finally, he got an email to say that a video titled 'Coinbase Live Conference: Coinbase Earn Recap 07/29/20' was now live on his channel. All within the space of one hour.
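
The burst of account-change notifications described above lends itself to a simple correlation rule. The following is an added example, not part of the original article: it flags a live stream that starts within an hour of several distinct sensitive account changes. The event names, log format and sample timestamps are constructed for illustration and are not a real YouTube or Google log schema.

```python
from datetime import datetime, timedelta

# Hypothetical event names; a real audit log will use its own vocabulary.
SENSITIVE = {"recovery_phone_changed", "2fa_disabled", "2fa_enabled",
             "password_changed", "new_device_login", "backup_code_used"}
PUBLISH = {"live_stream_started"}

# Constructed sample log modelled on the email sequence described above.
SAMPLE_LOG = """\
2020-07-29T15:02:00 recovery_phone_changed
2020-07-29T15:05:00 2fa_disabled
2020-07-29T15:06:00 2fa_enabled
2020-07-29T15:09:00 password_changed
2020-07-29T15:10:00 new_device_login
2020-07-29T15:21:00 backup_code_used
2020-07-29T15:22:00 new_device_login
2020-07-29T15:48:00 live_stream_started
"""

# Constructed benign log: a password change and a stream days apart.
BENIGN_LOG = """\
2020-07-01T09:00:00 password_changed
2020-07-01T09:01:00 new_device_login
2020-07-04T18:00:00 live_stream_started
"""

def parse(log):
    """Turn 'ISO-timestamp event' lines into sorted (datetime, event) tuples."""
    rows = []
    for line in log.splitlines():
        if line.strip():
            ts, event = line.split(maxsplit=1)
            rows.append((datetime.fromisoformat(ts), event.strip()))
    return sorted(rows)

def detect_takeover(log, window=timedelta(minutes=60), min_kinds=3):
    """Flag publish events preceded within `window` by >= `min_kinds` distinct sensitive changes."""
    rows = parse(log)
    alerts = []
    for ts, event in rows:
        if event not in PUBLISH:
            continue
        prior = [(t, e) for t, e in rows
                 if e in SENSITIVE and timedelta(0) <= ts - t <= window]
        kinds = {e for _, e in prior}
        if len(kinds) >= min_kinds:
            alerts.append({"published_at": ts, "first_change": prior[0][0],
                           "kinds": sorted(kinds)})
    return alerts
```

Requiring several distinct change types, rather than counting raw events, keeps a routine password change followed by a stream from raising an alert.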