Hackers have managed to deface an array of popular YouTube music videos, changing titles and thumbnail images.
Amongst the victims was the most-viewed YouTube video of all time, “Despacito” by Puerto Rican singer Luis Fonsi featuring rapper Daddy Yankee. The video, which has been watched an astonishing five billion times, had its thumbnail changed to an image of armed masked robbers from TV heist drama “La Casa de Papel” (also known as “Money Heist”) and a message added underneath saying “Free Palestine.”
Other high-profile videos to be targeted include ones by Katy Perry, Shakira, Drake, Selena Gomez, Adele, Taylor Swift, and Calvin Harris.
What connects all of the affected videos is that they are on singers’ VEVO accounts. VEVO is a platform owned by a group of some of the biggest music corporations, and takes a cut of the income generated by advertising displayed around their artists’ videos.
If the hackers, who call themselves “Prosox” and “Kuroi’SH”, had found a vulnerability in the YouTube platform that allowed them to meddle with YouTube videos – why would they have only tampered with VEVO music videos? Wouldn’t it have been tempting to deface other popular videos, or video content posted by controversial figures such as high profile politicians?
In a posting on Twitter, one of the hackers said that the defacement was not intended maliciously:
“It’s just for fun I just use script ‘youtube-change-title-video’ and I write ‘hacked’.”
Maybe this particular attack was more of a prank than an attack designed to steal information or spread malicious links, but that doesn’t mean that it didn’t cause damage at some level. Someone, for instance, will have had to correct the defaced video entries, and there’s always the potential that revenue has been lost by the artists, their record companies, and YouTube itself.
Although a widespread flaw within YouTube feels unlikely at this point, it would still be good to know how the hackers managed to deface quite so many music videos, and what lessons (if any) VEVO should learn to better protect its online accounts.