VEVO, it’s one of the most popular Copyright holders I have seen in recent years. I’m pretty sure the name alone brings back memories to people who watched their Youtube Videos, or the ones hosted on their website.
We all know that VEVO is the place where most popular music artists release their videos. The company has become prevalent like MTV did before it. However, the joint company founded by Warner Music Group, Sony Music Entertainment, Universal Music Group, Alphabet Inc. and Abu Dhabi Media has suffered a cyber-attack in recent days.
The company currently worth $200 Million dollars seems to have missed their cybersecurity lessons. Because they have gotten breached by a hacker group, as mentioned by a VEVO spokesperson to Gizmodo on Friday.
“(We) can confirm that VEVO experienced a data breach as a result of a phishing scam via LinkedIn. We have addressed the issue and are investigating the extent of exposure.” The incident happened due to a hacker squad by the name of “OurMine”. This isn’t the first time they do an operation of this caliber, either.
The OurMine hacker squad has claimed responsibility for hijacking WikiLeaks’ DNS last month shortly after they took over HBO’s Twitter account; last year, they took over Mark Zuckerberg’s Twitter and Pinterest accounts; and they hit both BuzzFeed and TechCrunch not long after that. And how much have they gotten away with this time? Roughly 3.12TB worth of internal files which have been posted online for everyone to see.
How did they do this? Through a LinkedIn phishing scam, OurMine was able to compromise a Vevo employee’s account for Okta, an app used to sign into workplace networks. From there, they were apparently able to gain access to Vevo’s media storage servers. This happened after they were told to “Fuck off” by said employee by the way. Here’s hoping he’s fired for provoking them this way.
Don’t mistake the group for being a Black Hat company however. OurMine has stated multiple times that they do these kinds of hackings as a White Hat effort. Showing companies that their security measures are simply lacking. “We have no bad intentions and only care about the security and privacy of your accounts and network.” Is stated on their web page.
How can someone be so clueless and disrespectful towards a benign hacker group is just beyond me. But once again, triple check your security measures in the current rise of Information leaks to not be fazed by this news.