How Barkha Dutt, Tanmay Bhat's YouTube accounts were hacked
What's the story
The popularity of Tesla and its CEO Elon Musk is being misused by hackers, to perpetrate scams. The latest victims are comedian Tanmay Bhat and news outlet Mojo Story operated by journalist Barkha Dutt whose YouTube accounts were compromised. In both cases, account details were altered and videos of Musk speaking on cryptocurrency were live-streamed. So, how did hackers manage to do so?
History
Such attacks are not new
Back in March, Linus Sebastian of Linus Tech Tips also faced an attack by hackers to spread a Tesla scam. The modus operandi behind the current attacks is similar. Singer Abdu Rozik and stand-up comedian Aishwarya Mohanraj's accounts were also reportedly hacked. Post the attack, Dutt slammed YouTube for not acting fast enough, while Bhat claimed the attackers bypassed two-factor authentication for his account.
Twitter Post
Here's how Dutt responded to the attack
After hours of urging @TeamYouTube to act & being assured action is being taken, I woke up to find @themojostory channel content ALL DELETED by the hackers- four years of blood, toil, sweat, tears, 11 thousand videos, COVID work of 3 years, ALL GONE. I am heartbroken @nealmohan
— barkha dutt (@BDUTT) June 5, 2023
Information
Bhat's account yet to be restored
As of now, the accounts of Mojo Story and Rozik have been restored to their previous status with all content. However, those belonging to Bhat and Mohanraj continue to show a fake Tesla page with a live stream on.
Twitter Post
Bhat claimed that 2FA had been bypassed
@YouTube @Google @YouTubeIndia hi guys - my YouTube / gmail account has been hacked. 2FA by passed. Need help urgently. Pls DM!
— Tanmay Bhat (@thetanmay) June 4, 2023
Description
What does the Tesla scam look like?
The 'live streams' featuring Musk are fake and carry superimposed messages that nudge viewers to scan a QR code on the top right corner of the screen. There's also a 'chat' section with a fake URL (musk2x.net) pinned on the top. If you tap it, you are redirected to a dummy webpage with even more QR codes. Scanning them can compromise your personal details.
Steps
How was the hacking done?
In Bhat's case, attackers may have bypassed two-factor authentication by hacking the SMS service on his device. One-time passwords (OTPs) necessary for 2FA are delivered via SMS and the hackers could read the details. The attackers might also have gained access to session tokens to avoid entering security credentials. Such tokens allow web browsers to stay logged in to a page even after refreshing.
Attack
Linus Tech Tips encountered a malware
Recalling how the attack took place, Sebastian of YouTube account Linus Tech Tips said, "Someone on our team downloaded what appeared to be a sponsorship offer from a potential partner and launched a PDF." Malware was then deployed using which hackers copied and exported browser data, including session tokens for all logged-in sites. Dutt and Bhat may have unknowingly installed similar malware.
Information
How to stay safe online?
Users can follow certain steps to secure their accounts from prying eyes. Always use trusted devices, vet the third-party vendors, go through the account privacy settings thoroughly, enforce multi-factor authentication (MFA), and do not scan QR codes from unknown sources.