Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Security

Top How-Tos / Advice articles

Microsoft's YouTube channel hijacked by previous owner

User's email address was still connected to the account, which had been claimed by Microsoft

By Lucian Constantin | Published: 10:54, 25 October 2011

Microsoft's official YouTube channel was hijacked on Saturday and all videos hosted on it were temporarily removed. The hacker replaced them with others claiming that Microsoft is holding a contest.

"We are sponsoring" and "Make us a Background to Get Subbox!!!" were the titles of two rogue videos published by those responsible for the attack. Meanwhile, the channel's description was modified to read "Wish to Become Sponsored? Message me."

One message posted by the alleged hacker provides an indication of what might have happened. "I DID NOTHING WRONG I SIMPLY SIGNED INTO MY ACCOUNT THAT I MADE IN 2006 :/" he said.

Taking back his YouTube account

This suggests that the hijacker registered in the early days of the video-sharing website. The account was claimed by Microsoft, probably citing trademark reasons, but the original email retained access to it.

It's not clear how this happened, but in 2008 YouTube started providing users with the option of linking their old accounts with their Google ones. This action became mandatory earlier this year and might have something to do with how the previous owner obtained access now.

If the user's email address got linked with the Google Account used by Microsoft on YouTube, he might have gained the ability to perform a password reset. "If that's true, then it's a colossal foul-up by YouTube that may concern other well-known brands who have established presences on the video network," warns Graham Cluley, a senior technology consultant at Sophos.

Beware of access email addresses

Microsoft didn't comment about the method used to hijack its account, but has since regained control of it and restored the deleted videos. Meanwhile, the YouTube account of the user who claimed to be responsible has been terminated for violating community guidelines.

This incident comes after Sesame Street's YouTube channel was hijacked and used to display adult videos last week. In order to avoid falling victim to such attacks, users should employ strong and unique passwords and review their Google accounts to make sure no unwanted email addresses have access to them.

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.