Stolen YouTube credentials up for sale online

Researchers at the external threat intelligence company IntSights have observed that stolen credentials for prominent YouTube accounts are increasingly being sold in online black markets and on Dark Web forums.

YouTube channels have long been considered valuable by cybercriminals, who use them to expose a new audience to a wide range of fraudulent activities including scams and malware.

However, YouTube accounts from compromised computers or from logs of credentials can bring in even more money for cybercriminals when sold online. Although less popular channels may not be as lucrative as ones with more subscribers, content creators rely on them for their revenue and may be willing to pay an attacker to get their content and access to their channels back.

In order to gauge cybercriminals' interest in stolen YouTube accounts, one hacking forum recently decided to run a poll and the results show that 80 percent of its members would consider buying these stolen credentials.

Online auctions

Just as ransomware groups have begun to auction off stolen data, so too have cybercriminals who have acquired YouTube account credentials.

In its blog post on the matter, IntSights showed one example where a seller was auctioning off 687 YouTube accounts at a starting price of $400 with a Blitz price of $5000 if someone wanted to buy the accounts outright. The auction was also set to end 24 hours after the last bid, likely because the seller wanted to sell off the stolen credentials fast before victims had a chance to contact Google support and explain the situation.

Although there are many ways for attackers to target YouTube channel owners, it appears as if the recent accounts that were up for sale were taken from databases containing Google credentials as well as from computers infected with malware.

IntSights recommends that all YouTubers protect their accounts by enabling two-factor authentication (2FA) as this makes it harder for cybercriminals to gain control of them in the first place.

Via BleepingComputer