Skip to content
Vevo
Naked Security Naked Security

Vevo hacked, 3.12 TB of data leaked

The hacking group OurMine says it leaked the data after being told "f*ck off, you don't have anything"

There’s a good chance that you’ve watched a popular music video from Vevo, either via YouTube,  Vevo’s website or its mobile app.

Most popular music artists release their videos through Vevo these days. The company – a joint venture between Warner Music Group, Sony Music Entertainment, Universal Music Group, Alphabet Inc and Abu Dhabi Media – has taken the position that MTV and MuchMusic used to have in delivering music videos to the general public.

Vevo has secured about $200 million USD in advertising revenue this year, on the strength of the tremendous popularity of videos from artists such as Taylor Swift, Beyonce, and Rihanna.

Well now, Vevo confirms that they’ve been hit by a huge cyber attack.

A Vevo spokesperson said to Gizmodo on Friday:

(We) can confirm that Vevo experienced a data breach as a result of a phishing scam via LinkedIn. We have addressed the issue and are investigating the extent of exposure.

OurMine has claimed responsibility for the attack.

The group has previously taken over Mark Zuckerberg’s Pinterest and Twitter accounts, taken over HBO’s Twitter account, attacked BuzzFeed and TechCrunch, and poisoned WikiLeaks’ DNS.

Through a LinkedIn phishing scam, OurMine was able to compromise a Vevo employee’s account for Okta, an app used to sign into workplace networks. From there, they were apparently able to gain access to Vevo’s media storage servers.

About 3.12 TB of internal files have been leaked online, which include videos, internal office documents, promotional material, yet to be used social media content, and information about recording artists signed to the participating record companies.

On its website OurMine describes itself as a collection of White Hat hackers:

We have no bad intentions and only care about the security and privacy of your accounts and network.

It appears to be motivated by attention, wanting to publicise its business and a misguided desire to demonstrate its targets’ poor security.

Having hacked Vevo, OurMine apparently decided to leak its giant cache of stolen files because of a bad tempered exchange with an unnamed employee of the victim:

Why OurMine hacked Vevo

Hi, it’s OurMine, you don’t have to worry, we just got into too many private documents but we won’t share it

F*ck off, you don’t have anything

The OurMine web page that hosted the leaked data now says that the stolen files have been deleted “because of a request from VEVO”:

Screenshot of OurMine's Vevo hack page

For some excellent tips on how to protect yourself from phishing read about why you should be cautious of emails from friends or colleagues and how to protect your boss from phishing attacks.


6 Comments

Note to self:
Upon receiving a message from OurMine,
“f*ck off” should be the SECOND thing you tell them.

…the first should be
“Holy crap, thanks! Please tell me how you got in so I can fix it immediately.”
/facepalm

Would OurMine not released Vevo’s material if the employee had been polite?

I think it is more the fact that he questioned the validity of their claim. “You have a security issue which we took advantage of. We got a lot of stuff.” – “I don’t believe you.” – “Hold my beer.”

So I mean is this a start of a trend now? Every database has apparently been running server 2003 and windows xp and no one upgrades? Im just confused as to how so many places are being hit like this.

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?