Video hosting service Vevo, best known for hosting popular music videos, experienced a breach of its servers that resulted in more six massive troves of company data and sensitive information being stolen and published online.
The breach was carried out by hacking collective OurMine, a group best known for hijacking social media accounts and defacing websites. In this instance, the group made off with more than 3.12TB worth of the company’s data.
The group, which has claims to be a white hat organization that only hacks organizations and individuals to alert them of potential security vulnerabilities in their systems, published data stolen from Vevo online after an employee of the company was disrespectful to the hacking group on LinkedIn.
A chat log published by the group appears to show a member of OurMine reaching out to a Vevo employee. The employee, who was not identified, dismisses the group and claims they “don’t have anything.” In response, OurMine published what they had.
Newsweek is hosting a Structure Security Event in San Francisco, Sept. 26-27.
OurMine only briefly hosted the files online before removing them, reportedly because of a request from Vevo to take down the stolen documents. (It should be noted that white hat hackers typically don’t steal and publish documents.) However, while the files were accessible, they appeared to include some sensitive information.
According to Gizmodo, while many of the files were mundane—files included weekly music charts, pre-planned social media content and details about artists using the video hosting service—other files contained information like details on how to set and unset the alarm in the company’s office in the United Kingdom, complete with the alarm code.
Vevo—a joint venture between major record labels Universal Music Group, Warner Music Group and Sony Music Entertainment in collaboration with Google parent company Alphabet and Abu Dhabi Media—acknowledged the hack in a brief statement.
“We can confirm that Vevo experienced a data breach as a result of a phishing scam via LinkedIn. We have addressed the issue and are investigating the extent of exposure,” the company said.
The phishing attempt carried out through LinkedIn apparently resulted in a Vevo employee’s account for Okta, a single sign-on workplace application, being compromised. Through the compromised Okta account, OurMine managed to gain access to Vevo’s files.
Earlier this week, security researchers at Malwarebytes warned of an increased number of phishing attacks taking place through LinkedIn’s messaging system. The attacks typically take place by the attackers first compromising a user account and then spreading a link to a malicious document to connections the user has on the platform.
Phil Tully the principal data scientist at cybersecurity firm ZeroFox, told International Business Times the attack demonstrates “that social media is an effective vector for launching targeted attacks.”
Tully explained phishing attacks through social media tend to be effective because “social allows users to create believable online identities and interactions, which can help users build credibility and trust with their real-world peers.”
Tully advised potential targets to only interact with users who they trust, avoid downloading any file attachments sent through social media or clicking on links that appear suspicious or come from an unfamiliar user, and to enable two-factor authentication to provide a second layer of protection that should help keep attackers from being able to directly compromise an account with just a stolen password.