[UPDATE: Some of the videos are being taken down for violating YouTube’s terms of service. This means that YouTube is stepping in.]
There are people who shill cryptocurrency and those who hack accounts, so what should happen if we put them together? According to a Twitter thread initiated by Arun Miani (MrWhoseTheBoss), his YouTube account got hacked to advertise cryptocurrency.
A hacker hacked multiple YouTube accounts
Arun posted a tweet stating that he thought someone accessed his account and posted a video that advertised cryptocurrency (and someone did). Strangely enough, the video disappeared before he could investigate further. Thus, he relied on users to send screenshots or screen recordings to corroborate his theory.
Users sent recordings of the video from his channel and ones from other channels. The YouTube account for boxer Floyd Mayweather also received a video. This seems like just the tip of the iceberg, as more YouTube accounts got hacked. The hacker affected creators such as @IvanOnTech, @aantonop, @Bitboy_Crypto, @Altcoinbuzzio, @crypto_banter, and @coinMarketCap.
The hacker got past the security measures
This story only gets scarier once you factor in that all of these accounts are secured accounts. Not only are these accounts secured with username and password, but some of the accounts are also said to be secured with Two-Factor Authentication (2FA). 2FA is one of the most recommended security measures to keep your account safe.
You need to have your username and password present along with a special code generated on a dedicated device like a phone. The service communicates with your phone exclusively. Not only that, but the code changes every minute or so. If the hackers were able to get through the 2FA, then this situation could get MUCH worse.
The videos are rather creepy in and of themselves
If the fact that the hackers can pole vault 2FA isn’t scary enough, the actual videos are like something out of a creepypasta. Again, the hackers hacked into these YouTube accounts and posted a video pushing cryptocurrency. It starts off silent, then, while showing different coins, there’s a consistent beep in the background. The beep changes every 30 seconds or so.
Adding to the creep factor is an electronic voice that pops up every so often saying “preview.” Other than boosting cryptocurrency, there doesn’t seem to be any harmful material in the videos. However, a person or multiple people who can slip into heavily secured accounts and post whatever they want is still cause for alarm. They have power over a lot of accounts (and a lot of careers!). More on this story will come to light, and hopefully, Google can do something about this.