Graham Cluley, Sophos: Microsoft's YouTube channel has been hacked

October 24, 2011

Hackers have taken control of Microsoft's official YouTube channel, removed the company's videos and replaced them with ones of their own.

At the time of writing, the hackers are still uploading new videos to the channel. The ones we have seen so far are typically three or four seconds in length, and typically call on other internet users to post video responses, create new background images for the channel or provide sponsorship.

Another brief video, entitled "Bingo", shows an animated character from what appears to be the "LA Noire" videogame by Rockstar Games, shooting another character in the head.

A message posted on the channel cryptically reads:

"I DID NOTHING WRONG I SIMPLY SIGNED INTO MY ACCOUNT THAT I MADE IN 2006 :/"

It seems unlikely that the change to the YouTube channel is a bizarre publicity stunt by Microsoft. After all, what would be the sense in deleting its archive of past videos - many of which are embedded on third-party sites around the world.

Although there are no details yet about how hackers managed to gain control of Microsoft's YouTube account, the obvious suspicion has to be that a Microsoft employee who had administrative rights over the channel was careless with their password.

One YouTube user, however, has left a comment on one of the videos describing his theory on how Microsoft's YouTube account was compromised:

This is how he "hacked" the channel:

He legittly made the account Microsoft when youtube wasn't that big but the REAL Microsoft probably asked Youtube to disable it and give it to them. The flaw is that this account was probably still linked to this kid's email and microsoft forgot to change it or whatever.

So all this kid had to do was recover this account using his old email.

Not that hard. Thats probably how the other big Channels got "hacked".

Thumbs this up so people can see!

If that's true, then it's a colossal foul-up by YouTube that may concern other well-known brands who have established presences on the video network.

Regardless of how the hack occurred, it's embarrassing and inconvenient for Microsoft.

The attack comes just a week after hackers broke into the Sesame Street YouTube channel, and replaced its child-friendly content with hardcore pornographic movies.

Graham Cluley is senior technology consultant at Sophos. You won't find Graham on Facebook, but for daily updates follow him on Twitter at @gcluley.