![](\"https:\/\/media.wired.com\/photos\/5accda3ff449e10bb3550e3f\/master\/pass\/VevoHack-866983146.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Lily Hay Newman| Date: Wed, 11 Apr 2018 11:35:19 +0000<\/strong><\/p>\n Since it\u2019s not <\/span>summer 2017 anymore, you probably haven\u2019t watched the music video for Luis Fonsi and Daddy Yankee\u2019s hit \u201cDespacito\u201d recently. And that may be just as well. The reigning most-viewed YouTube video was vandalized and then taken off the platform for a few hours on Tuesday morning after hackers infiltrated the account that hosted it.<\/p>\n Other well-known videos by artists like Drake, Katy Perry, Taylor Swift, and Shakira were defaced as well by attackers calling themselves \u201cProsox\u201d and \u201cKuroi\u2019sh,\u201d who threatened that they would go after other YouTube channels as well. The music video distribution partnership Vevo confirmed to WIRED that \u201ca number of videos in its catalogue were subject to a security breach today, which has now been contained. We are working to reinstate all videos affected and … are continuing to investigate the source of the breach.\u201d<\/p>\n The attackers replaced some of the music videos with violent images, as with Despacito, which showed gang imagery from the Netflix series \u201cCasa de Papel\u201d before the attackers took the video down. It has since been reinstated, along with its 5 billion views.<\/p>\n YouTube says that the platform itself wasn\u2019t breached. \u201cAfter seeing unusual upload activity on a handful of VEVO channels, we worked quickly with our partner to disable access while they investigate the issue,\u201d a spokesperson told WIRED. The attackers infiltrated one or more Vevo YouTube accounts rather than attacking the platform as a whole.<\/p>\n 'If someone had actually broken into the YouTube platform, that would be valuable.'<\/p>\n Chris Weber, Casaba Security<\/p>\n How, then, did Despacito disappear? That's still unclear. But it wouldn\u2019t be the first time a prominent account wasn\u2019t protected by two-factor authentication, allowing attackers to guess the password or obtain it through social engineering attacks like phishing. But even two-factor isn't foolproof<\/a>. If an account is set up to deliver authentication codes via SMS, attackers can hijack the text messages<\/a> to receive the code. Or a clever phish can impersonate a service\u2019s login screen, not only tricking users into voluntarily entering their username and password, but also requesting their two-factor code like the legitimate login page would do. Once the malicious form captures these details, attackers can quickly use them to log in to the account they are targeting while the code is still active.<\/p>\n Observers note that corporate accounts shared by multiple employees are less likely to employ two-factor authentication, because lots of people may need to be able to access them from different locations. Though this doesn't make using two-factor impossible (or any less important), it can make it impractical. Either way, phishing seems like the likely way attackers penetrated Vevo YouTube accounts, analysts speculate, because of what the attackers did with their advantage.<\/p>\n "If you look at the economics of it, if someone had actually broken into the YouTube platform, that would be valuable," says Chris Weber, cofounder of the corporate security and penetration testing firm Casaba Security. "Your first inclination wouldn\u2019t be to deface a few videos and run away. But that's the problem with phishing, it\u2019s such a low-cost attack."<\/p>\n If attackers had invested significant time and resources into compromising the accounts, they also might have taken the time to execute a more subtle attack, like redirecting ad payments from YouTube into their own bank account instead of Vevo's.<\/p>\n It's a reminder for everyone\u2014from individuals, to YouTube stars, and corporations\u2014to lock down their account security. But if you're a \u201cDespacito\u201d super-fan, you can at least rest assured that the video has been restored.<\/p>\n