A "massive" series of account takeover attacks has for the past few days targeted YouTube creators, many of whom are influential members of the automotive and car review community.
The high-profile channels targeted include Built, Troy Sowers, MaxtChekVids, PURE Function, and Musafir. Creators in other industries were also targeted in the coordinated campaign, which manipulated account holders into visiting phishing sites to steal their login credentials.
According to a report from ZDNet, which investigated the attack, this is likely how the takeovers unfolded: Phishing emails lured targets onto fake Google login pages, which collected credentials attackers used to access Google accounts. The attackers then assigned popular YouTube channels to new owners and changed the channels' vanity URLs so the accounts appeared to be deleted.
Some victims were looped into group email chains including other creators in the same community; others received individual phishing messages. It seems the attackers were able to successfully bypass multifactor authentication in order to break into the accounts of some YouTube creators.
Read more details here.