Video hosting service and music video network Vevo is investigating a recent security breach in which someone managed to log in to the pages of several famous artists on YouTube and make changes, including uploading songs from another artist.
It’s not the first time criminals have penetrated a social network, and third parties had direct access to celebrities’ accounts. In some situations, the hackers’ goals were much clearer as they tried to somehow profit financially from the intrusion, usually with a cryptocurrency scam.
But this time the situation is a bit different. According to The Record, whoever figured out how to log in to those pages had other goals.
“Some videos were directly uploaded to a small number of Vevo artist channels earlier today by an unauthorized source,” said Vevo for The Record. “All of those improperly uploaded videos have since been deleted by Vevo. No pre-existing content was accessible to the source.”
“While the artist channels have been secured and the incident has been resolved, as a best practice Vevo will be conducting a review of our security systems.”
Some earlier reports seemed to indicate the accounts have been compromised much earlier, with some YouTube users saying they’ve received notifications about new videos from some of the affected artists.
Interestingly, some of the videos had their titles changed to “hacked by @LOSPELAOSBRO.” Which doesn’t seem to be a coincidence since whoever runs the @ LOSPELAOSBRO account on Twitter has been very active and took credit for the hack.
Similar incidents in the past had one aspect in common. The management of the accounts went through a third-party tool. Hackers gained access to that tool, usually through social engineering or with information from data breaches. It’s still unclear how the Vevo accounts were compromised, but the investigation will likely reveal a culprit.