On Tuesday morning, the YouTube channels of some of the world’s biggest stars showered fans with strange music videos. Vevo channels for artists like Lil Nas X, Eminem, Drake, Taylor Swift, Ariana Grande, Harry Styles, The Weeknd, Michael Jackson, Kanye West and many others were affected. The channels in question have subscriber counts that add up to hundreds of millions. Before the videos disappeared, viewers saw bizarre clips of Paco Sanz, a Spanish con man who was sentenced to two years in prison for fraud for lying about terminal cancer, and rapper Lil Tjay.
YouTube has not responded to requests for comment from The Verge; However, Vevo – which bills itself as “the world’s leading music video network” – has acknowledged the incident. A spokesman responded to a contact via Vevo’s public press information and asked not to be named, citing the “nature” of the incident. They said in a statement that “some videos were uploaded directly to a small number of Vevo artist channels today by an unauthorized source.”
WARNING: Major artists are currently being hacked by @lospelaosbro
So far it looks like Juice WRLD, Eminem, Ariana Grande, Harry Styles, Justin Bieber, Travis Scott, Trippie Redd, Michael Jackson, The Weeknd and more artist YouTube channels have been hacked! pic.twitter.com/UtL6yiKxRF— Music Countdowns (@MCountdowns) April 5, 2022
Not only did they state that the videos had disappeared, but they also claimed, “The source had no pre-existing content accessible. As a best practice, while the artist channels have been secured and the incident resolved, Vevo will conduct a review of our security systems.”
Another Vevo-related breach in 2018 defaced popular music videos, while the then-most viewed YouTube video of all time, “Despacito” (it’s now the second-biggest behind “Baby Shark”), was vandalized and briefly removed.
Google and YouTube have recently focused on securing popular channels. Last year a report highlighted a phishing campaign targeting creators, YouTube asked millions of popular channels to turn on 2-Step Verification, and Google said it was giving away hardware authentication keys to over 10,000 high-risk users.
Despite these precautions, an apparent compromise somewhere along Vevo’s pipeline allowed the attacker, who referenced his Twitter handle @lospelaosbro in the posts, to upload through high-profile channels for several hours.
The artists or the people running their sites probably couldn’t do anything about the problem. Vevo’s artist information page explains that it works by creating a separate verified artist channel to upload videos and YouTube merging that content with videos on the artist’s own YouTube page. A support page states that “Vevo does not offer direct access to artists.” Instead, independent content providers or the artist’s music label upload the content to Vevo, which broadcasts it to YouTube and other channels.