YouTubers: The Growing Security Target

Cybersecurity experts are warning about growing demand for stolen YouTube login credentials on Dark web forums. Etay Maor, CSO at IntSights, explained that in recent weeks his team has noticed an uptick in demand for stolen credentials for prominent “Influencer” accounts on the global video site.

Why Hack YouTube Channels?

YouTube has been growing exponentially since the company started in 2005, known as the main platform to post and share your videos the world over; the site where many of us have had late nights surfing interesting videos. YouTube started out as place to show off your skateboard skills but has transformed into a commercial juggernaut. People make money as “influencers”. The highest paid YouTuber makes $26 Million each year and he’s only 8 years old.  Ryan Kaji has been reviewing toys on YouTube for a while, racking up millions of views and gobs of cash.

YouTube gives anyone the opportunity to share their videos and make a name for themselves, regardless of what they are doing. High profile accounts, making millions of dollars, are “high value” to hackers, according to Maor. But why?

What Will They Do With The Accounts?

There are a couple malicious actions a hacker can take once they have access to a lucrative YouTube account. 

Option 1: Spread Malware

Hackers can use the account to spread malware to the millions of subscribers to a popular YouTube “influencer”. Hackers need eyeballs to socially engineer.  Influences have hundreds of thousands of eyeballs devoted to their channels, trusting the recommendations from the Influencer.  Hackers exploit both the eyeballs and the trust to implant malware into videos or links to malicious websites tied to fake recommendations that are posted to the channel.  In these cases, malware is spread by hackers exploiting the trust of subscribers to click on malicious links or install recommended products that are actually malware. Once inside your systems the hacker can lock up your devices with ransomware or use the intrusion to gain sensitive information about the viewers of the videos.  But there are other reasons for this up-tick in YouTube Credential theft.

Option 2: Ransom Back Access to the Influencer’s Accounts

When a hackers takes control of an “Influencer” account, that revenue stream is instantly lost to the Influencer.  Secondly, they can lose brand loyalty and viewers if the hacker begins to abuse the account by posting inappropriate material.  Both place urgency to recover access to the account of the Influencer before too much damage is done and revenue is lost. This makes it easier for hacker to extort a large bitcoin ransom payment to return access of the account to the Influencer.

What Can Be Done To Prevent This?

The prevention of the sale of these accounts on the Dark Web is not something that you can do directly, but there are some solutions. The first thing that users should be thinking about is their account security. Users should be asking themselves three questions all relating to authentication and access control.

Enable Two-Factor Authentication on your Critical accounts

The very best “silver bullet” for protecting any online account is enabling two-factor authentication.  This is true for YouTube Account take-overs especially. A quick refresher on Two-Factor Authentication.  Two factor authentication is the use of two of the following three identification factors: 

  1. Something you know – Most often a password for your account.
  2. Something you have – Such as a cell phone with a temporary authentication code.
  3. Something you are – Such as your fingerprint or facial recognition.

Using two of these three factors is simply the best way to protect your accounts. Hackers know that most people don’t set up 2FA into their account as it can delay logging in by a few seconds. As a result hackers steal or buy login credentials and take over Influencer accounts to extort bitcoin payment. With two-factor authentication enabled on YouTube accounts (all critical accounts should have 2DA), it takes more than your username and password to gain access. 

You mentioned all critical accounts should have Two-factor setup.  What if I have an account that doesn’t support 2FA?  What should I do then?

LEARN how to use a Password Manager

One action all cybersecurity professionals recommend doing is learning how to use a Password Manager. They install right into your web browser and are easy and free for personal use. A Password Manager enables you, over time, to set and use unique passwords on all your favorite websites.  This protects you from a YouTube account compromise (or any account for that matter) when and if a hacker acquires your favorite password from another websites breach or the Dark Web. There are more than 10 BILLION publicly known exposed accounts publicly available on the Dark Web. That is also just the tip of the iceberg as security experts estimate 10 to 50 times as many exposed accounts on closed hacker forums on the Dark Web.

Password Managers fight user password fatigue so you don’t have to remember multiple different passwords for your accounts. They store your passwords securely inside an encrypted vault in your web browser plug-in an insert them into legitimate websites when you visit them (but ignore phishing websites trying to steal your credentials). Password Managers create complex and unique passwords for you that are perfect to help keep hackers away from your information. 

“Do I have any previous account breaches I am unaware of?” 

Anyone that has dozens to hundreds of online accounts should check to see if any of their accounts have been exposed to hackers. CyberHoot provides a Dark Web Search service on its homepage and for all users of the service that gives a full report of when, where, and what was exposed from you and may be for sale on the Dark Web. If you aren’t a CyberHoot user, head to and scroll down our homepage to find the Dark Web Search and see if any of your accounts have been breached. If any of your accounts have been breached, we highly recommend changing your passwords to a unique, complex, 14+ character password, store it in a password manager, in order to keep one step ahead of the hackers. 

CyberHoot Can Help!

CyberHoot can train your employees on cybersecurity awareness with our large training library of over 200 videos. CyberHoot has phish testing too. This allows companies to test their staff and view which employees may need additional training. CyberHoot has Dark Web reporting to notify you whenever your accounts have been exposed on the Dark Web.

Sign up with CyberHoot today to have your employees being more aware and more secure. 


Dark Web Demand Surges For YouTube Accounts

Hackers Selling Stolen YouTube Credentials on Dark Web

8-year-old boy Making $26 Million a Year on YouTube Reviewing Toys

Are you doing enough to protect your business?

Sign up with CyberHoot today and sleep better knowing your

employees are cyber trained and on guard!

Share this on your social networks. Help Friends, Family, and Colleagues become more aware and secure.