Microsoft’s YouTube channel has been usurped by a malicious user. All of the official videos, including recent ad campaigns, have been removed from the account. In their place are short clips soliciting advertisers. (note: as of this writing these short videos have now been removed, and the account appears to be back in the proper hands).
Although there are no details yet, several sources are speculating how this user gained access to the account. Based on a cryptic message left on the channel, some have postulated the user established the channel back in the early days of YouTube, as a squatter on the corporate brand. Microsoft then likely requested the channel be turned over to them. Years later the user comes back to YouTube and finding his old email account still linked to the channel, uses YouTube’s account recovery tools to regain access to the account.
A cryptic message posted to the channel reads:
I DID NOTHING WRONG I SIMPLY SIGNED INTO MY ACCOUNT THAT I MADE IN 2006 :/
WE ARE SPONSORING SUBBOX US AND MESSAGE US TO GET AN UPLOAD !
This is the second high-profile YouTube channel to be hacked in the past week. Sesame Street’s YouTube channel was hacked last weekend, leaving its normally family-friendly content replaced with pornographic content.
At this time it is unclear where the security flaw lies. Is it a YouTube security hole or was an employee with administrative rights to the account careless with the password?