YouTube content creators might be in for dark times ahead, with a concerningly steep upsurge being observed in the demand for access to hacked YouTube accounts on the dark web.
As of December 2019, India had more than 265 million users who had their own YouTube accounts, showcasing a wide range of content, including Do-It-yourself (DIY) tips, comedy, talk-shows, reviews and analysis. Each account has lakhs and crores of followers and the higher the number of followers, the more the income for the creators or ‘influencers’, as some of them are known.
The risk faced by YoutTubers was noticed earlier this month by New York based cybersecurity firm IntSights, which observed that YouTube accounts are being hacked and auctioned on the dark web. Once acquired by the highest bidder, the same accounts are then used to hold the original owners to ransom and this process can be easily repeated until the victims have been milked dry.
In an update put out on the IntSights blog on June 2 this year, Etay Moar, Chief Security Officer at IntSights said, “YouTube accounts from compromised computers or from logs of credentials can be of high value. While smaller channels may not be as lucrative as larger ones, YouTubers rely on them as revenue streams and might be willing to pay money to attackers to get their content and access to their channels back.”
The discovery, however, was only the tip of the iceberg. Researchers also discovered that a poll was run on the dark web in the last week of May, to which 80 per cent of the respondents expressed interest in buying hacked YouTube accounts.
“As always with underground offerings, when there is demand the supply is soon to follow. In recent weeks, IntSights researchers have noticed an increasing number of stolen YouTube channel credentials, of varying subscriber counts, up for sale,” Mr Moar added in the update.
The trend is also being tracked closely by Indian cyber crime agencies, at both State and Central level, with India emerging as one of the biggest markets for the video-hosting website.
“Hackers are cashing in on the fact that YouTube accounts get monetized after hitting a certain number of followers. With the rising popularity of YouTube and Youtubers in India, It is best to follow strict cyber security practices like two-factor authentications that are not dependent on text messages and not using the same username and password combination on different platforms and accounts," Special Inspector General of Police and cyber expert Brijesh Singh said.
Especially in the current scenario, with rival platform TikTok being under heavy fire from ‘patriots’ because of its Chinese origins, YouTube seems to be winning the war and gathering more followers than TikTok. The added cause for concern, officials said, is that while the trend is a new one, the hacking process in itself is ridiculously simple.
“Hackers can send out thousands of malware embedded in phishing emails every day seeking access to YouTube accounts. All the victims have to do is to click a link in an unverified email and malware, which are specifically designed to look for YouTube login details, will sniff them out and convey them to the hackers. The trend is just one more example of what a simple phishing email can lead to, and why intensive cyber security measures are all the more important,” a Cyber Crime officer said.