First of all I want to start by saying I love to watch CorridorCrew by the team over at Corridor Digital on YouTube. I appreciate the skill they have in their respective fields and the work they put into high quality content, I was therefore extremely interested when they uploaded this video (Channel was TERMINATED, we got Hacked (Not Clickbait)). As someone who lives in the Cyber Security space I wanted to know more, however this video only highlighted one thing to me the lack of emphasis in their video on the real issue, their own lack of cyber security.
To summarise the video the Corridor Crew’s YouTube account was compromised and a 3rd party took over their Near 6 Million subscriber page and removed all the videos on the page, replacing the name and starting a live stream of a Crypto mining scam. In the video it is highlighted that a member of the team had full admin rights to the business’s Google account , now to be clear in the video they are vague and say that this persons phone of MFA has also been compromised, but they never expand on this. Following another admin being able to force change passwords and kick all live sessions out and with some support from Google the team manage to restore access and return to function, using their other social media outlets to let fans and followers know what is happening.
What did they do wrong?
To me this video highlights a critical issue with business today which is the mentality of it what happen to us and when it does many business chalk it off to a one off event. As a specialist in the field, my concern would not only be what else does access to this account give them, but what other tools or techniques could they have put in place for a second or 3rd wave attack. While taking over a YouTubeChannel for a Crypto scam is far from they most serious of crimes.
A serious though needs to be put to what other data could they have taken or used from this account, could they have got into the business own site and in turn the customer data on it including credit card details. The list goes on but this event cannot be brushed away as well we are back online, the severity of the business failing to take cyber security seriously has to be looked at, they however are not alone.
I am not calling out Corridor Digital for any reason other than they posted this onto YouTube and highlighted the event and therefore are asking for commentary. I do feel it reflects heavily on the general approach to cyber security in business and therefore I yet again employer you to look at your business practices, look at the tools and protections you have in place and ask yourself “Is this enough” .
What tools should they have used?
If you haven’t already secure every online account you have with two factor authentication, and make sure than the second stage authentication is not a text message to your phone or an email back to your main account, you should be using tools with time sensitive codes, physical tokens or bio metrics. This is they minimum protection you should have, it therefore goes without saying that you should always have a secure pin on mobile phones and tablets and that they should also use biometrics for security where possible, companies like Apple and Google spend millions on technology to protect data so leverage them.
What can you do to avoid it happening to you?
In closing I ask you to review your cyber security now! Before it is too late.
If you want to talk to one of our experts about how we can help you can avoid being the next victim then please call 01235 433900 or you can email email@example.com or if you would like to speak to me directly you can reach out to me via DM or at firstname.lastname@example.org.