Vevo has now joined the growing list of entities to fall victim to a serious security breach and release of internal documents.
The online music video service, a joint venture between music giants Universal Music Group, Sony Music Entertainment and Warner Music Group, was recently targeted by hackers who posted more than 3 terabytes of internal files online, Gizmodo reported late Thursday. The leaked files are mostly benign, Gizmodo reported, containing mainly office documents, videos and promotional materials.
Vevo is one of the most popular music video sites on the internet. It offers 250,000 official music videos that draw 21 billion views a month globally on its popular YouTube channel and its own site and app.
Vevo has now confirmed the breach, calling it the result of a phishing scam via LinkedIn. “We have addressed the issue and are investigating the extent of exposure,” a Vevo representative said.
The OurMine hacker squad has claimed responsibility for the breach. The group is well known: They hijacked WikiLeaks’ DNS last month shortly after they took over HBO’s Twitter account.
The leaked cache contains a wide variety of office documents, videos, and other promotional materials. Based on a cursory review, a majority of the files seemed pretty mild—weekly music charts, pre-planned social media content, and various details about the artists under the record companies’ management.
Some files were more sensitive, though, such as one which reveals the alarm code for the company’s offices.
OurMine typically hacks people because, well, it can. The group’s primary goal is demonstrating to companies that they have weak security. In this case, the hackers managed to compromise an employee account for Okta, the single sign-on workplace app. Usually they don’t resort to leaking large caches of files—at least to our knowledge—but in this case it sounds like someone may have pissed them off.
OurMine tells us that it leaked Vevo’s files after one of the company’s employees told it to “fuck off”, but added that it will take down the files if Vevo asks it to.
“Hi, OurMine are here, we are just testing your security, HBO team please contact us to upgrade the security“, says the tweet that went out across a number accounts.
The hacking outfit has previously exposed the Twitter, and other social media, accounts of Mark Zuckerberg, Google CEO Sundar Pichai, TechCrunch and Buzzfeed.
The hacking team became embroiled in a kind of tit for tat battle with the latter after Buzzfeed made efforts to identify the faces and the names behind the threats.