Microsoft’s YouTube Channel Vulnerabilities Exploited as Clips Get Replaced
On Sunday morning someone outside Microsoft seems to have taken possession of the company’s YouTube channel, eliminating all of the videos already loaded (including those relating to the new promotional campaign) and replacing them with video calling for a seemingly meaningless sponsorship.
In place of the official videos and advertising from Microsoft, hackers have included short films, accompanied by messages from the attacker. “I DID NOTHING WRONG I SIMPLY SIGNED INTO MY ACCOUNT THAT I MADE IN 2006,” posted the cracker.
One video called Bingo showed a character from the LA Noire video game. The other video titled ‘post video responses, create new background images for the channel or provide sponsorship’ was displayed on the channel, replacing Microsoft’s official videos. The archived videos were also replaced with short clips “We are sponsoring!” and “Make us a background to get a Subbox!!!”
There’s no details on exactly how someone snuck into Microsoft’s account, but ccording to security firm Sophos, one explanation is that the attacker possibly created a Microsoft account when YouTube was still in nascent stage. The security breach might have occurred on this account, which was probably still attached to the e-mail of the former owner, and Microsoft forgot to update this, leaving the back door wide open.
Microsoft has confirmed the hacking of the YouTube channel and is working with YouTube to restore the service. “We have regained control of the Microsoft channel on YouTube, and we are working to restore all of the original content,” said a Microsoft spokesperson. “We will continue to work with YouTube to ensure safeguards are in place for the future.”
This is not the first time a brand’s YouTube page came under attack. Last week, ‘Sesame Street’ was attacked, with its clips being replaced with porn videos.
Web defacement is on the rise. This week, Fraser Howard and the security researchers of Sophos Labs discovered a new technique to hack corporate web pages by inserting malicious infected PHP codes into the header elements of the front pages of web sites. Earlier this month Microsoft submitted Security Intelligence Report, which stated that 99 percent of attacks exploit known vulnerabilities, saying that malware can break by instinctive force passwords on infected systems. AOL is another recent sufferer, being attacked by a hacker group identifying themselves as HodLuM.
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
