Microsoft’s official YouTube channel was hacked over the weekend, with the company’s dancing-dad promotional video replaced with an assortment of other clips.
Yesterday, four or five videos were posted in succession, calling on viewers to post reponses or provide sponsorship. The channel’s now back to normal.
The attack comes just days after the Sesame Street YouTube channel was hacked and replaced with hardcore porn. While this latest attack seems unlikely to have been carried out by the same person, it does indicate that You Tube mighty just be a little vulnerable.
One hint as to the perpetrator is a message that was posted on the channel, reading: “I DID NOTHING WRONG I SIMPLY SIGNED INTO MY ACCOUNT THAT I MADE IN 2006 :/”
One possibility is that some bored ex-Microsoft employee found that his administrative rights over the channel were still valid.
However, Graham Cluley of Sophos says that there’s another possibility. A post on the channel, now removed, suggested that an account could have been legitimately set up with the name ‘Microsoft’ in 2006, when YouTube was relatively small.
“The REAL Microsoft probably asked Youtube to disable it and give it to them. The flaw is that this account was probably still linked to this kid’s email and microsoft forgot to change it or whatever,” the user suggested.
“So all this kid had to do was recover this account using his old email.”
It’s possible that the same technique was used for the Sesame Street hack last week.
“If that’s true, then it’s a colossal foul-up by YouTube that may concern other well-known brands who have established presences on the video network,” says Sophos’ Graham Cluley.
“Regardless of how the hack occurred, it’s embarrassing and inconvenient for Microsoft.”
Possibly less embarassing than the original Microsoft content, though.