Growing Interest in YouTube Channel Credentials on Hacker Forums
Experts from IntSights have discovered a recent surge in demand for YouTube channel credentials on the dark web. This trend is also fueling increased activity in credential checking. On hacker forums and credential trading sites, there are more and more offers for stolen YouTube account information.
Cybercriminals have long been interested in YouTube, as the platform provides access to a new audience that can be exploited in various ways, from scams to advertising. It is not uncommon for attackers to hijack popular channels from their rightful owners and then demand a ransom to restore access.
Credentials for YouTube channels are mainly collected from malware-infected computers, phishing campaigns, and similar methods. The stolen data is then sorted into logins and passwords for specific services and sold on the black market.
Pricing and Examples
The price of lists containing YouTube channel credentials is generally proportional to the number of subscribers. Researchers provided several examples:
- In one case, the price for a channel with 200,000 subscribers started at $1,000, increasing in $200 increments.
- In another instance, researchers found an auction for credentials to 990,000 active channels, with a starting price of $1,500. A buyer could get the list immediately for $2,500, bypassing the auction. The seller likely wanted to make a quick sale before the victims noticed the breach, contacted support, and regained access to their accounts.
- Another set of 687 YouTube accounts, sorted by subscriber count, was offered for a starting price of $400, with $100 increments. For $5,000, the entire lot could be purchased outright.
How Hackers Gather and Use the Data
IntSights specialists believe hackers are compiling these lists of YouTube channel credentials by checking databases of stolen logins and passwords (looking for Google account data) and information obtained from infected computers.
According to IntSights, in the past, attackers used sophisticated phishing campaigns and reverse proxy toolkits to bypass Google’s two-factor authentication (2FA). Now, sellers rarely mention 2FA at all, which likely means the stolen accounts were not protected by two-factor authentication.
Victims’ Experiences
Bleeping Computer notes that users who have had their YouTube accounts hacked and stolen often report being tricked into downloading malware. For example, one complaint found online states:
“They pretended to be YouTube sponsors, and when I tried to visit their site, a keylogger/spyware was loaded into my browser. Within a couple of minutes, they changed my password, removed my devices, deleted my phone number and recovery email. Then they tried to extort money from me, asking for BTC or they would sell my channel.”
Another victim shared a similar story, where scammers pretended to be looking for people to collaborate with.
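The takeover pattern in the complaint above (password changed, devices removed, recovery phone and email deleted within minutes) can be flagged from an account-security event feed. The following is an added example, not code from the article or from IntSights; the event names, the 10-minute window and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Hypothetical event names for an account-security audit feed (assumed, not a real API).
RECOVERY_REMOVALS = {"device_removed", "recovery_phone_removed", "recovery_email_removed"}
WINDOW = timedelta(minutes=10)  # assumed threshold for "within a couple of minutes"

# Constructed sample events: (ISO timestamp, account, event)
SAMPLE_EVENTS = [
    ("2024-01-05T12:00:00", "channel-a", "new_device_login"),
    ("2024-01-05T12:01:00", "channel-a", "password_changed"),
    ("2024-01-05T12:02:00", "channel-a", "device_removed"),
    ("2024-01-05T12:02:30", "channel-a", "recovery_phone_removed"),
    ("2024-01-05T12:03:00", "channel-a", "recovery_email_removed"),
    # Owner rotating a password, then changing phone a day later: not a burst.
    ("2024-01-05T09:00:00", "channel-b", "password_changed"),
    ("2024-01-06T09:30:00", "channel-b", "recovery_phone_removed"),
    # Recovery cleanup without a password change: not flagged by this rule.
    ("2024-01-05T15:00:00", "channel-c", "device_removed"),
    ("2024-01-05T15:05:00", "channel-c", "recovery_email_removed"),
]

def find_takeovers(events, window=WINDOW, min_removals=2):
    """Flag accounts where a password change and at least `min_removals`
    distinct recovery-factor removals all fall inside one time window."""
    by_account = {}
    for ts, account, event in events:
        by_account.setdefault(account, []).append((datetime.fromisoformat(ts), event))

    alerts = []
    for account, rows in by_account.items():
        rows.sort()
        for i, (start, _) in enumerate(rows):
            # Every event from this one up to `window` later.
            burst = [(t, e) for t, e in rows[i:] if t - start <= window]
            kinds = {e for _, e in burst}
            removed = kinds & RECOVERY_REMOVALS
            if "password_changed" in kinds and len(removed) >= min_removals:
                alerts.append({"account": account, "start": start,
                               "end": burst[-1][0], "removed": sorted(removed)})
                break  # one alert per account is enough to trigger review
    return alerts

if __name__ == "__main__":
    for alert in find_takeovers(SAMPLE_EVENTS):
        print(alert)
```

An alert like this is most useful when it triggers an automatic hold on recovery-setting changes, since the window between takeover and resale is short.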