Stories
Slash Boxes
Comments

SoylentNews is people

Security Warning For 23 Million YouTube Creators Following ‘Massive’ Hack Attack

posted by Fnord666 on Thursday September 26 2019, @10:31AM   Printer-friendly
from the another-day-another-hack dept.

upstart writes:

Submitted via IRC for SoyCow2718

Security Warning For 23 Million YouTube Creators Following 'Massive' Hack Attack

High-profile YouTubers have been targeted by cybercriminals over the weekend in what appears to have been a highly coordinated and "massive" attack. The security warning was made by Catalin Cimpanu, a ZDNet reporter, who spoke to a member of an internet forum with a history of trading access to hacked accounts. Here's what we know so far and what you need to do to protect your own YouTube account.

According to the ZDNet investigation, many accounts belonging to well-known YouTubers within the car community appear to have been hijacked. However, it would also appear the attack itself has been directed mostly towards "influencers" across many YouTube channel genres. Amongst those taking to Twitter to complain about their YouTube accounts being hacked and access to their channels lost, were YouTubers covering technology, music, gaming and Disney. With more than 23 million YouTube channels, anyone who creates content should be heeding this warning though.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Security Warning For 23 Million YouTube Creators Following ‘Massive’ Hack Attack | Log In/Create an Account | Top | 21 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by RedBear on Friday September 27 2019, @04:11AM (1 child)

    by RedBear (1734) on Friday September 27 2019, @04:11AM (#899425)

    Getting 2FA codes over SMS makes 2FA basically useless. There are multiple ways to intercept the SMS messages and get the 2FA code. It’s virtually guaranteed that everyone who was hacked was using SMS to get their 2FA codes, if they even had 2FA enabled at all.

    I had an important account at an organization that should know better. I did the responsible thing and tried to enable their “extra security” option, but when I realized that the only implemented method to obtain security codes was via SMS I immediately disabled the extra security because it was utterly pointless. For that account I just have to use a heavy duty password and rely on myself to avoid getting phished.

    Every other service I’ve activated 2FA on supports one-time-use backup codes, authenticator apps, and most finally are supporting physical U2F keys. None of those methods should be easy for phishers to bypass. But SMS, pffft! It shouldn’t even be an option anymore. If it was disabled this kind of hack would basically just... stop.

    --
    ¯\_ʕ◔.◔ʔ_/¯ LOL. I dunno. I'm just a bear.
    ... Peace out. Got bear stuff to do. 彡ʕ⌐■.■ʔ
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 2) by Pino P on Friday September 27 2019, @01:41PM

    by Pino P (4721) on Friday September 27 2019, @01:41PM (#899548) Journal

    Every other service I’ve activated 2FA on supports one-time-use backup codes, authenticator apps, and most finally are supporting physical U2F keys.

    But do other services supporting 2FA allow you to enroll one-time-use backup codes, TOTP apps, and U2F keys without first enrolling SMS and keeping it enrolled? Twitter and Twitch do not.