Comment by chmod775
2 months ago
There is often phishing campaigns targeting larger channels on YT, trying to trick someone with access to it into opening malicious e-mail attachments, with the end-goal of taking over the channel. Usually the attackers then put a livestream on it and push some crypto scam. It must make enough money, given that it keeps happening.
Most recent example I've seen: https://www.youtube.com/watch?v=EnVxWK6DfMQ
So then why do they need additional information about emails? They clearly already can email these youtubers.
This will enable you to get the private e-mail of the google account that owns the channel, which is not necessarily the same one a channel may give away publicly.
So for some channels that provided no contact information, you now can acquire an email address, and for everyone else you may now get an additional one.
It also enables you to link multiple channels back to the same person.
Every bit of information you can get your hands on counts for social engineering attacks.
For very famous individuals this may also open them up to harassment. You can't find Elon Musk's private telephone number on the Tesla homepage for good reason. For that class of people, any time that sort of information leaks, they need to get a new private phone number/e-mail address.
I think we can imagine reasons why this would be valuable. It's a vuln. That's worth know about and fixing.
I'm not sure that there are terribly many black market opportunities for "every bit of information" such that this should be a six figure payout or whatever.
2 replies →