Last weekend someone hacked the Sesame Street YouTube channel, pulled down most of its videos, and uploaded pornography clips instead. And now one week later, another huge brand has been hit with a similar attack: Microsoft. The software giant’s official YouTube channel was apparently compromised yesterday, its videos also removed.
Microsoft YouTube Channel Hacked
First things first: the channel has since been restored. Just as with the Sesame Street incident, YouTube worked quickly to fix the issue, return the deleted videos, and give Microsoft control back over their channel. So… no real long term damage done.
But the channel was affected for a good chunk of the afternoon. GeekWire grabbed this screenshot during the hack, which definitely looks nothing like standard Microsoft content:
The apparent hacker also left an announcement on the channel page that read:
“I DID NOTHING WRONG I SIMPLY SIGNED INTO MY ACCOUNT THAT I MADE IN 2006 :/”
Are YouTube Channels Too Easy To Hack?
So… are YouTube Channels too easy to hack? Well, my first reaction to that question is to say this: if they are, it’s the channel-owner’s fault. After all, we set our own login passwords, do we not?
And yet, there are no doubt criminals and hooligans out there with technology and ingenuity. There are password crackers.
Should YouTube consider adding more security? A lot of banks have instituted a second or even third verification layer when customers log in to the online service, requiring second passwords or the matching of images or previously-agreed-upon security questions. Is it time for YouTube to start thinking about something similar?
Are there other emerging technologies and tools that might help them detect when account activity is suspicious?
This is the second very high profile account to be hit with a takeover in just one week. It’s only going to encourage more pranksters to try similar feats, and could quickly become a real problem for YouTube–both because of the new hackers but also from the negative PR associated with users feeling like their accounts aren’t safe.
It should go without saying, but change your password… make it something difficult to guess. The more you attempt to make your password easy to remember, the more likely someone else can guess it. The best defense against YouTube account takeovers is to have as difficult-to-crack a password as possible.
YouTube has a help page for people who believe their accounts have been hacked, and it includes a contact email, but something tells me users don’t have the direct pipeline to Google brass that Microsoft probably has, so it may take a bit longer than a couple hours for your account to be restored.