Microsoft's YouTube account hacked

In what appears to be an attack on Microsoft, the company had its main YouTube channel hacked today.

All of the page’s previous YouTube videos were deleted and replaced by two others, one of which is a four second video with text that simply says “We are sponsoring!” and the other of equal time which says “Make us a background for a subbox!”. To rub salt in the wound, the videos appear to have been made in Apple’s iMovie – evidence to suggest that the hacker involved is anti-Microsoft, pro-Apple.

Microsoft has a good track record of keeping their online profiles and systems secure, however no one can blame the company here since they didn’t have complete control over of the security of their account. As of time of writing it appears that Microsoft still haven’t gained access, however like one of the commenters has said “Microsoft has one of the most advanced technologies that can track you lil' home”

Both Microsoft and YouTube are yet to say anything about the intrusion however you might imagine that both companies may have been caught a little off guard.

Brad Sams contributed to this article.

Report a problem with article
Previous Story

The iPod turns 10

Next Story

Blizzard DOTA to be made available for free ... kind of

43 Comments

View more comments

M_Lyons10 said,
Sesame Street for one. I guess YouTube isn't very secure...
How does somebody having a weak password equate to the site being insecure? I bet any account on YouTube could be broken into given enough time and a reason to do so... with processing power these days, brute force attacks are getting quicker and quicker to execute.

I'm willing to bet we'll be seeing more and more sites implement some sort of two factor authentication to combat this kind of thing going forward. I just hope though that each site doesn't have it's own hardware keyfob device. Making use of a mobile app like Verisign VIP Access would be much better. I already use this on my PayPal and eBay accounts and it works very well. http://vipmobile.verisign.com/home.v

Joey S said,

Any password can be brute forced if it's weak. If Youtube itself was insecure, every account would have been hacked.

If a password on a website can be brute forced, then that website is not very secure. It is very easy to implement a security feature that will suspend the account if the password was entered wrong for the 10th time or so. Then either the user who has the email address to this account has to act, or the website won't allow a login in the next 5 minutes, going up with that time if the next login is wrong again. Brute force attacks take ages on such a system.

kavazovangel said,
Time for Microsoft to make a competitor to YouTube.

They have already tried... but it never took off.
I don't even remember the name.

Tpiom said,

They have already tried... but it never took off.
I don't even remember the name.

It was called MSN Soapbox. They pulled the plug on it a few years ago...

kavazovangel said,
Time for Microsoft to make a competitor to YouTube.

haha i remember soapbox... you know the youtube poop fad? i tried to start a soapbox poop fad... never took off...

i think the reason it failed was people just didn't like the interface. it was... bulky and had a LOT of ads. youtube is very easy going on the ads. also soapbox first used commercials before youtube, so people weren't happy about that.

if they tried again, i'm 100% certain it would take off, but they CAN"T USE UGLY web design. i mean... remember the old msn news page? how completely cluttered it was? it was like that, boxes everywhere... small font too. gahh... with html5 out, they can work wonders

Fault from which end ?? MS got malware in their system to lose the credential or the attack was on YouTube end to take control from server side ??

Google security vs MS security

Blame whom ??

Choto Cheeta said,
Fault from which end ?? MS got malware in their system to lose the credential or the attack was on YouTube end to take control from server side ??
Google security vs MS security
Blame whom ??

Poor user (or company) password policy. They must have used a rather weak one.

Ideally, a password should be greater than 8 alphanumeric characters, preferably including non-standard chars like $#@ etc. The most common mistake is to use an actual dictionary word, which is easily attacked.

Choto Cheeta said,
Fault from which end ?? MS got malware in their system to lose the credential or the attack was on YouTube end to take control from server side ??

Google security vs MS security

Blame whom ??


i think google security policy

subcld said,

i think google security policy

Those Static IP based SSL should be used for operation of these celebrity or company or such corporate accounts, so that, the login authentication would rest just not only in a password but also to some hardware specific and static protection to prevent unwanted intrusions

"To rub salt in the wound, the videos appear to have been made in Apple's iMovie - evidence to suggest that the hacker involved is anti-Microsoft, pro-Apple."

Um, wouldn't them simply hacking the page suggest they are anti-Microsoft?

Klethron said,

Um, wouldn't them simply hacking the page suggest they are anti-Microsoft?

He's reaching a bit there. There's no suggestion that Microsoft was targeted because of their bad reputation. It's much more likely that someone got lucky brute forcing.

Joey S said,

He's reaching a bit there. There's no suggestion that Microsoft was targeted because of their bad reputation. It's much more likely that someone got lucky brute forcing.

"bad reputation" is subjective. To many, Microsoft provides good software and services at a reasonable price, believing the competition, doesn't.

Klethron said,
"To rub salt in the wound, the videos appear to have been made in Apple's iMovie - evidence to suggest that the hacker involved is anti-Microsoft, pro-Apple."

Um, wouldn't them simply hacking the page suggest they are anti-Microsoft?

they did it for the LULz (tm)

Well, they removed the background now, and the videos. It's all white and grey now... there are a lot of comments on the channel now though... Lol.

While it really could've been anyone, I'm wondering if it's this guy who keeps commenting on Microsoft's channel called, YTSucksYep. & I don't think him liking Apple is his motive:
"LOOK AT MY FREKIN PAGE I OWN THIS ACCOUNT IN 06"
Maybe Microsoft forced YouTube to give them the username Microsoft, something YTSucksYep already had. To further convince me, this guy said this on the YTSucksYep channel:

"You're a serious retard you know that"
& another guy said this: "SUP MAN YOU ARE BACK AGAIN"

TBH, this is complete speculation & I could be pointing the finger at the wrong guy, but revenge would do it.

EDIT: Okay, now I'm more convinced. The guy who called him a retard now said, "You should bend down and prepear to be raped in jail after Interpol kicks your door down"

MASTER260 said,
While it really could've been anyone, I'm wondering if it's this guy who keeps commenting on Microsoft's channel called, YTSucksYep. & I don't think him liking Apple is his motive:
"LOOK AT MY FREKIN PAGE I OWN THIS ACCOUNT IN 06"
Maybe Microsoft forced YouTube to give them the username Microsoft, something YTSucksYep already had. To further convince me, this guy said this on the YTSucksYep channel:

"You're a serious retard you know that"
& another guy said this: "SUP MAN YOU ARE BACK AGAIN"

TBH, this is complete speculation & I could be pointing the finger at the wrong guy, but revenge would do it.

EDIT: Okay, now I'm more convinced. The guy who called him a retard now said, "You should bend down and prepear to be raped in jail after Interpol kicks your door down"


According to vlogsmack, YTSucksYep's, "real," username is SweepActive apparently.

How do we know if the videos were deleted? They could have been set on private and the ones this hacker added were set on public.

Kinda makes sense then none of their views or ratings are gone.

Just so you guys know, the account used to belong to some kid who made it but since he never used it, Microsoft requested it since they have copyright on their name. However they forgot to change the email associated with the account, so the kid just needed to click on the forgot password link.

You guys should really google search this stuff instead of just sticking with neowin as one news source.

As of this post, the Official Microsoft channel on YouTube has been restored.

As for "SweepActive" - I sense that they may be in need of some psychological counseling due to PTSD soon.

Commenting is disabled on this article.