Lil Nas X, Kanye West and Taylor Swift were among YouTube Vevo channels hacked on Tuesday
On Tuesday morning, the YouTube channels of some of the world’s biggest stars flooded fans with eerie music videos. Vevo channels from artists like Lil Nas X, Eminem, Drake, Taylor Swift, Ariana Grande, Harry Styles, The Weeknd, Michael Jackson, Kanye West and more have been affected. The channels in question have a number of subscribers that amounts to hundreds of millions. Before the videos disappeared, viewers saw bizarre clips of Paco Sanz, a Spanish con man sentenced to two years in prison after being convicted of fraud for lying about terminal cancer, and the rapper Lil Tjay.
YouTube did not respond to requests for comment from The edge; However, Vevo – which bills itself as “the world’s leading music video network” – acknowledged the incident. A spokesperson responded to the contact via Vevo’s public press information and asked not to be named, citing the “nature” of the incident. They said in a statement that “Some videos were directly uploaded to a small number of Vevo artist channels earlier today by an unauthorized source.”
WARNING: major artists are currently being pirated by @lospelaosbro
So far, it looks like Juice WRLD, Eminem, Ariana Grande, Harry Styles, Justin Bieber, Travis Scott, Trippie Redd, Michael Jackson, The Weeknd and more artist YouTube channels have been hacked! pic.twitter.com/UtL6yiKxRF
– Music Countdowns (@MCountdowns) April 5, 2022
In addition to noting that the videos disappeared, they also claimed, “No pre-existing content was accessible at the source. Although the artist channels have been secured and the incident has been resolved, as a best practice, Vevo will be conducting a review of our security systems.
Another Vevo-related breach in 2018 saw popular music videos defaced, while the most-watched YouTube video of all time, “Despacito”. (it’s now second, behind “Baby Shark”), was vandalized and briefly removed.
Google and YouTube have recently focused on securing popular channels. Last year, a report exposed a phishing campaign targeting creators, YouTube demanded millions of popular channels to enable two-step verification, and Google says it gave hardware passkeys to more than 10 000 high-risk users.
Despite these precautions, an apparent compromise somewhere along Vevo’s pipeline allowed the attacker, who pointed to his @lospelaosbro Twitter handle in the posts, to continue uploading to high-level channels for several hours.
The artists or the people who manage their pages probably couldn’t do anything about it. Vevo’s artist info page explains that it works by creating a separate verified artist channel to upload videos, and YouTube merges that content with videos on the artist’s own YouTube page. A support page states that “Vevo does not provide direct access to artists”. Instead, independent content providers or the artist’s music label upload content to Vevo, which sends it to YouTube and other channels.