After all kinds of credentials that you can find on cybercrime forums, its the turn of YouTube accounts and the offers are increasing in numbers with every passing day.
Hackers are advertising the accounts on hacking forums in bulk quantity which one can buy after verifying the YouTube channel and the number of subscribers it owns. Overall, it is an attempt to expose a new audience and engage them in fraudulent activities that may also involve bigger advertising scams.
However, this isn’t the first time hackers have found value in YouTube accounts. On previous occasions, they have hijacked channels only to make the owner pay a certain amount to get the channel back. YouTube community support has always remained filled with complaints in which people have lost their YouTube accounts all of a sudden.
Researchers at an external threat intelligence company, IntSights have also found out that since the demand of YouTube credentials is high on online underground markets, companies that do data verification as a side business are also booming.
Hackers have been able to collect all of such data with the help of infected computers, phishing campaigns or logs of credentials stored with Google. Some users have also reported in their complaint that someone tried to hijack their YouTube account by tricking them into downloading malicious software.
In another story, the hacker contacted the victim with the purpose of “collaborating” for a project.
Etay Maor, IntSights’ Chief Security Officer, says that in more recent times hackers have gained immense confidence mostly because of their sophisticated phishing campaigns and their reliance on reverse proxy toolkits that successfully beats Google’s two-factor authentication.
Furthermore, no offers of 2FA coming along with the credentials may also mean that none of the hacked accounts had this security feature active.
The value of the list is directly proportional to the number of subscribers so roughly for a channel that has 200,000 subscribers the bid is of $1,000, along with a step of $200 as well. One advertised auction included 990,000 YouTube channels whose bid started from $1,500 and the one who paid $2,500 got the credentials.
There was one more bad actor who placed the ad of 25 YouTube channels having more than 100,000 subscribers and set the starting price at $600 with step of $100. He also promised to sell all the details immediately to anyone who was willing to pay $2,000.