Vevo, which hosts music videos from popular artists on YouTube and its own site, is the latest media company to be struck by hackers. The hack, carried out by the gray-hat security group OurMine—which also included a link to the data in a blog post—occurred, according to Vevo, after hackers carried out a “LinkedIn phishing scam.” Gizmodo reports that OurMine managed to acquire a legitimate login for Okta, the single-sign-on corporate password manager, to sign in to an internal Vevo platform.
In total, the cache included more than 3 terabytes of data, including videos, one-sheets, information about celebrity artists like Taylor Swift and U2, internal documents, and even instructions for turning off Vevo’s office alarm system. One “Artist Highlights” document dated June 2, 2017 for Katy Perry showed her videos had generated 12.2 billion video views and had a 54%-46% female-to-male fan ratio.
The group says it has since taken the data down “because of a request from Vevo,” but it’s likely other copies exist elsewhere online. OurMine said it initially warned Vevo about the hack and promised not to share anything but changed its tune after a Vevo employee allegedly responded in a LinkedIn message, “Fuck off, you don’t have anything.”
Vevo, which is co-owned by the three major labels, along with Google parent company Alphabet and the Dubai-based Abu Dhabi Media, would not comment on the exchange with the hackers.
“We’ve addressed the issue and believe the exposure was limited but we’re continuing to investigate the situation,” a spokesperson wrote.
Previously, OurMine allegedly hacked Mark Zuckerberg’s Pinterest and Twitter accounts and hijacked HBO’s Twitter account. Condé Nast was attacked by a large-scale phishing attempt, and HBO was separately hacked earlier this year, with attackers releasing unreleased content including a script for the network’s megahit Game of Thrones.
Putting aside giant breaches of our personal data like that of Yahoo and Equifax, the most damaging media company hack likely remains the 2014 breach of Sony Pictures studios by North Korea-backed hackers, which exposed embarrassing and offensive comments by studio insiders and ultimately led to the departure of co-chair Amy Pascal.