Online video service Vevo became the latest victim of a major data breach after hackers infiltrated its servers by conducting a phishing scam via LinkedIn.
A notorious hacker group calling itself OurMine released 3.12TB of internal files on the web after breaching Vevo’s servers.
Even though it claims it is a ‘security group’ with an ethical purpose, OurMine has been quite notorious in the recent past. It has been hacking into servers and social media accounts of well-known organisations, ostensibly to reveal security flaws that need to be patched to prevent further attacks.
Last month, the hacker group gained global recognition after it hacked into FC Barcelona’s Twitter and Facebook accounts and announced the signing of Angel Di Maria who was, at that time, a hot prospect for the Catalan club. The group then asked the club to contact them to sort out their security issues and also apologised for announcing Di Maria’s signing.
A week earlier, OurMine briefly took control of HBO’s Facebook and Twitter accounts as well as the official Twitter account of Game of Thrones. The group had also infiltrated the Netflix US Twitter account last year and had asked the video streaming giant to take its help in resolving security concerns in their social media accounts.
However, unlike other instances where it usually leaves after warning its victims, OurMine didn’t let Vevo, a joint venture between Sony Music, Alphabet Inc, Warner Music Group, Abu Dhabi Media and Universal Music Group, survive the hack without a scratch.
After infiltrating Vevo’s server by perpetrating a phishing scam, OurMine released 3.12TB worth of internal files on the web. According to Gizmodo, leaked files included ‘a wide variety of office documents, videos, and other promotional materials’ including ‘weekly music charts, pre-planned social media content, and various details about the artists under the record companies’ management’.
Even though the leaked data didn’t contain sensitive customer data, it did include a confidential alarm code that is used by employees at Vevo’s UK office during contingencies. OurMine later said that it wouldn’t have published the data had it not been asked to ‘fuck off’ by a Vevo employee whom the group had initially contacted to notify about the breach.
OurMine couldn’t have chosen a better time to breach Vevo’s servers to make its presence felt. Competing with other video streaming platforms, Vevo now has the likes of Taylor Swift and Beyonce on board and has also earmarked $200 million to invest in upfront advertisements this year. Naturally, the data breach comes as a rude shock to the service which is in the middle of a massive marketing blitz.
Last night, a Vevo spokesperson told Gizmodo that the company “can confirm that Vevo experienced a data breach as a result of a phishing scam via Linkedin. We have addressed the issue and are investigating the extent of exposure.”