Hacking group OurMine has breached Vevo, a video hosting service, and has leaked files from the company’s internal network.
The hacker group, who has a reputation for defacing websites and social media accounts, said it leaked data from Vevo after one of its employees was disrespectful to an OurMine member on LinkedIn.
The mysterious case of the Vevo files
The leaked data was published on the hacker group’s website late last night. It included links to six data troves, offering 3.12TB of data for download.
A link to the page hosting the Vevo links was made publicly available a few hours ago, but by that time most of the files were removed.
At the time of writing, most of the download links redirect to a Vevo Box.com login page. The website also features a notice stating that the OurMine “deleted the files because of a request from VEVO.”
Only five of the original six download links appear on the site, and only one of the five links provides any data for download.
To the best of our knowledge, the only person who saw the full Vevo files are Gizmodo reporters — who first broke the story —, Vevo employees, and 0Research security researchers.
Gizmodo reported that the “majority of the [leaked] files seemed pretty mild—weekly music charts, pre-planned social media content, and various details about the artists under the record companies’ management,” albeit a few documents contained sensitive materials.
Vevo admins security breach
In an email to Bleeping Computer, a Vevo spokesperson acknowledged the incident.
“We can confirm that Vevo experienced a data breach as a result of a phishing scam via LinkedIn. We have addressed the issue and are investigating the extent of exposure,” the company said.
Vevo did not comment if the hacker group made any ransom demands. The mysterious disappearance of most of the leaked files might lead some people to believe Vevo might have caved in and paid, hence the reason why most of the files are gone.
OurMine did not respond to a request for comment.
The hacking crew, believed to be operating out of Saudi Arabia — according to a BuzzFeed investigation, rarely hacks and leaks files. OurMine has built quite the reputation in the past years by hacking social media accounts belonging to companies, celebrities, and CEOs.
Here’s an incomplete list of people OurMine hacked in the past two-three years alone. Usually, the hacks involve basic account hijacking or website defacements.
- BuzzFeed (website defacement)
- TechCrunch (website defacement)
- Variety (website defacement)
- BBC (Twitter account)
- Play Station Network (Twitter account)
- WikiLeaks (DNS hijacking, website defacement)
- Mark Zuckerberg (Facebook CEO, they hacked his Pinterest and Twitter profile)
- Dick Costolo (former Twitter CEO, they hacked his Pinterest account and cross-posted to his Twitter account)
- Jack Dorsey (Twitter CEO, they hacked his Vine account and cross-posted to his Twitter account)
- Sundar Pichai (Google CEO, they hacked his Quora account and cross-posted to his Twitter profile)
- John Hanke (Niantic CEO, they hacked his Quora account and cross-posted to his Twitter profile)
- Zach Klein (Vimeo CEO, they hacked his Quora account and cross-posted to his Twitter profile)
- Ev Williams (Twitter, Blogger, and Medium co-founder, they hacked his Twitter account)
- Marissa Mayer (Yahoo CEO, they hacked her Twitter account)
- Jimmy Wales (former Wikipedia CEO, they hacked his Twitter account)
- Daniel Ek (Spotify CEO, they hacked his Twitter account)
- Brendan Iribe (Oculus Rift CEO, they hacked his Twitter account)
- Adam Mosseri (Facebook VP, they hacked his Twitter account)
- … and loads of celebrities such as Deadmau5, David Guetta, Channing Tatum, Lana Del Rey, Drake, Pewdiepie, Alexa Losey, and Kylie Jenner, just to name a few.
Source:https://www.bleepingcomputer.com/news/security/ourmine-hacks-vevo-after-employee-was-disrespectful-to-hackers-on-linkedin/
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.
