Security researchers from cyber intelligence firm IntSights revealed that they have noticed a surge in demand for stolen YouTube account credentials on several darknet forums. Researchers also stated that threat actors may use these account credentials to spread malware, launch fraud scams against viewers, or even use them to blackmail the account owners.
“Over the past few weeks, IntSights researchers have observed yet another new trend in black markets and cybercrime forums that has rapidly growing demand: stolen credentials for prominent YouTube accounts. It should come as no surprise that global reliance on the internet has skyrocketed during quarantine, with surges in internet usage and streaming services in particular,” said Etay Maor, CSO at IntSights.
According to researchers, cybercriminals use multiple attack vectors to target YouTube channel owners. They found that most recent accounts were stolen from databases containing Google credentials as well as from malware-infected computers.
Maor also highlighted that underground hacking forums run quick polls to find out whether this is of interest to other forum members. One such poll revealed that 80% of the forum members wanted to see more YouTube credentials put up for sale. Researchers also found a seller auctioning over 680 accounts for a starting price of $400, some of which had over 40,000 subscribers.
“YouTube accounts from compromised computers or from logs of credentials can be of high value. While smaller channels may not be as lucrative as larger ones, YouTubers rely on them as revenue streams and might be willing to pay money to attackers to get their content and access to their channels back. Below is an example of such a case from a Google support thread,” Maor added.
Hackers Flood Dark Web with Stolen Data
In a recent security discovery, researchers found and reported a massive data breach, in which members of the “Shiny Hunters” hacking group compromised 73.2 million user records from over 11 companies and put them up for sale on the darknet. The hackers are from the same group that is behind the Tokopedia data breach, in which 91 million user records were compromised and put up for sale on hacking forums for $5,000. Later, the group breached India-based online learning platform Unacademy, exposing details of 22 million users, and put the records up for sale on darknet forums for $2,000.
Several incidents of hackers selling stolen information on darknet markets have been reported in recent times. According to Cyble, attackers were also selling over 267 million Facebook records for £500 (US$623) on dark websites and hacker forums. The records contain information that could allow attackers to perform spear phishing or SMS attacks to steal credentials.