“OurMine Are Back!” YouTube Hack Explained – Channels Under Attack

On April 01, 2017 at approximately 4pm pacific time / 7pm eastern time a major YouTube hack happened – possibly the largest hack in YouTube history.

Also see April 13, 2017 – Studio 71 network getting hacked by OurMine.

April 01, 2017 – Omnia Media YouTube Network hacked by OurMine

Roughly 300 of the biggest channels partnered with YouTube network “Omnia Media” are affected. The hacker group “OurMine” seems to be behind it. The hackers changed the video titles of all affected channels to:

“OurMine Are Back!… ( Read the description )”.

Then the video description reads:

Hey, it’s OurMine don’t worry we are just testing your security, please contact us for more information

https://ourmine.org
contactourmineteam@gmail.com

Omnia Media specializes in partnering with gaming channels. As such it’s mostly gaming YouTubers (including my own PowerPyx channel) that are affected. Either all their videos, or a large portion of them, were renamed and the descriptions replaced. However, no channels or videos were deleted entirely.

I myself am a managed partner at Omnia and have been affected by this. It’s a significant problem for channels that depend on search results – because if all videos have the same name it’s challenging for viewers to find what they are looking for and videos no longer show up in Google’s (or YouTube’s) search results under the correct terms. This really messes with YouTube’s algorithms and could potentially cripple a channel if not properly fixed by YouTube’s engineers.

Here’s what went down:

• When a YouTuber wants to work with Omnia Media they must connect their channel to them and give certain privileges (that includes editing video details). Please note that this is the same process for any other YouTube network and not specific to Omnia Media. This could potentially happen with any other network and some of them have hundreds of thousands of partners.
• The attackers supposedly hacked into Omnia Media’s systems. From there they had access to videos of all managed partners and could bulk edit them. Explanation: there are “managed” partners and “affiliates”. Out of Omnia Media’s roughly 1400 partners only 300 have the “managed” status. None of the 1100 partners with “affiliate” status were affected.
• It seems like a security exploit with the YouTube API and neither Omnia Media nor YouTube adequately secured their systems against such attacks. Again, the API allows a third party, Omnia Media, to alter video details and this hack demonstrates how dangerous this is.
• According to the video description that the hackers left behind, the goal may have been to showcase a security flaw with the current system.
• None of the channels were compromised or hacked directly. The hackers did not obtain the passwords of these channels. An employee of Omnia Media confirmed to me that no personal data of us YouTubers was leaked during the attack.
• All creators (including myself) still have access to their YouTube channels and social media. Everything should be fine once it gets fixed and the channels can keep posting videos.
• Playlist names, channel names and video tags are not affected.
• According to a tweet by Omnia Media, YouTube is actively working on restoring the video titles and descriptions. So at least they have backups and can roll back the metadata. Given that so many videos were hit at once it remains to be seen how swiftly YouTube will handle this. Most of these channels are well established and have been around for several years – so they have produced a large number of videos (many thousands on some). 6 hours after the hack none of my videos have been fixed yet. A handful of videos on other channels are fixed but it’s unclear if the creators changed them on their own or if YouTube did.

All of this begs the question why YouTube networks can change video details in the first place. They do not need and should not possess this power. Imagine a bigger network like BroadbandTV (230.000+ partners) or Fullscreen (54.000+ partners) getting hacked like this. Given that a very large amount of content creators is partnered through a network and not with YouTube directly this could cripple a huge part of the website.

UPDATE #1 – 9:30 PM (Pacific Time) April 01, 2017:

At approximately 9:30 PM pacific time (April 01, 2017) the hackers sent an email to people on Omnia Media’s email list, so it is possible they obtained email addresses of many YouTubers.

UPDATE #2 – 4:00 PM (Pacific Time) April 03, 2017:

YouTube has now fully reverted all titles and descriptions of my videos. A few single videos of other channels haven’t reverted yet, but they should soon. After the hack it took YouTube 48 hours to fix the affected channels (keep in mind the OurMine hack happened on a weekend). Thanks to the people at YouTube and Omnia Media for their quick help in this matter!

Updates are still coming in from Omnia Media’s twitter feed.

Aware of the issue – working to fix and will update everyone asap ^ AL

— Omnia Media (@OmniaMediaCo) 1. April 2017

For reference, no partner accounts have been compromised – updates shortly ^ AL

— Omnia Media (@OmniaMediaCo) 1. April 2017

The access point has been secured and YT is in the process of restoring meta data. More updates to follow ^ AL

— Omnia Media (@OmniaMediaCo) 2. April 2017

Update: YouTube, as of hours ago, is in the process of restoring meta data. No ETA given from their end – but it should be reverted soon.

— Omnia Media (@OmniaMediaCo) 2. April 2017

Meta data is being restored on all channels – it may take time to show fully. YouTube is and has been processing it overnight.

— Omnia Media (@OmniaMediaCo) April 2, 2017

Titles and descriptions should be nearly updated this morning – tags have been restored for February / March and continue to be resolved ^AL

— Omnia Media (@OmniaMediaCo) April 3, 2017

Omnia Media’s network reaches 1.8 Billion views each month. Below is a list of some of the channels affected.

Affected YouTube Channels by OurMine Hack:

• Kwebbelkop (6.5 million subs)
• miniminter (5.8M subs)
• LeafyIsHere (4.4M)
• PrestonPlayz – Minecraft (4.3M)
• iDubbbzTV (4.1M)
• Vikkstar123 (3.8M)
• TheAtlanticCraft (3.7M)
• h3h3Productions (3.7M)
• EverythingApplePro (3.4M)
• XpertThief (3.2M)
• Vikkstar123HD (2.9M)
• BCC Trolling (2.8M)
• Facts Verse (2.8M)
• LispyJimmy (2.7M)
• TBJZL (2.6M)
• MM7Games (2.6M)
• Zerkaa (2.6M)
• XboxAddictionz (2.5M)
• MessYourself (2.5M)
• Behzinga (2.4M)
• Chief Pat – Clash Royale (2.4M)
• nickatnyte (2.2M)
• GAMINGwithMOLT (2.2M)
• Sidemen (2M)
• Bodil40 (1.9M)
• sparklesproduction (1.8M)
• Nightblue3 (1.8M)
• TBNRfrags (1.7M)
• Brofresco (1.7M)
• Pyrocynical (1.7M)
• Anomaly (1.6M)
• KevinLaSean (1.6M)
• Clash with Cam (1.6M)
• ZerkaaPlays (1.5M)
• COLESON COMEDY (1.4M)
• MYSTIC7 (1.4M)
• Gonzossm (1.4M)
• TheDeluxe4 (1.4M)
• TheSmithPlays (1.4M)
• h2h2productions (1.4M)
• Beh2inga (1.3M)
• Fangs (1.3M)
• TWOSYNC (1.3M)
• Galadon Gaming (1.3M)
• Kwebbelcop (1.3M)
• Manny (1.3M)
• NoughtPointFourLIVE (1.2M)
• AnEsonGib (1.2M)
• Top 5 Best (1.2M)
• iCrazyTeddy (1.2M)
• MOMO (1.2M)
• iijeriichoii (1.2M)
• Jaboody Dubs (1.1M)
• BEEZ (1.1M)
• Redmercy (1.1M)
• TCTNGaming (1.1M)
• Nick Bunyun (1.1M)
• UberDanger (1.1M)
• ArcadeCloud (1M)
• CapgunTom (1M)
• SideArms4Reason (1M)
• Matimi0 (1M)
• Box Box (900K)
• Chaotic (900K)
• TBJZLPlays (900K)
• MrRoflWaffles (900K)
• SGC Barbierian (800K)
• Eclihpse (800K)
• LilyPichu (800K)
• lzuniy (800K)
• Kshaway (800K)
• PeteZahHutt (800K)
• VikkstarPlays – Random Games! (800K)
• McSkillet (700K)
• Trick2G (700K)
• ibxtoycat (700K)
• TheDavidvTV (700K)
• mcsportzhawk (700K)
• Jaze Cinema (600K)
• Crispy Concords (600K)
• ShadowBeatzInc (600K)
• RajmanGaming HD (500K)
• MassageASMR (500K)
• HassanAlHajry (470K)
• PowerPyx (450K)
• Overwatch Moments – Gaming Curios (355K)
• RossBoomsocks (340K)
• BunnyFuFuu (290K)
• awesomePCgames (270K)
• Vandiril (270K)
• Lozo (259K)
• CommunityGame (250K)
• AFGuidesHD (225K)
• SerbianGamesBL2 (221K)
• Kazawuna (214K)
• MrFujiyoshi720p (130K)
• CallYourBrains (127K)
• WatchGamesTV (127K)
• KazaLoLLCSHighlights (105K)
• Free Games Explorer (90K)
• BestK4tarinaNa (86K)
• Dolan Darker (78K)
• Foxdrop Plays (55K)
• Harbleu (38K)
• …many others

This story will be updated when new details emerge. It will be interesting to see how long YouTube needs to get things sorted. (Update: It took YouTube 48 hours to revert the changes made by the hackers). If anything is to be learned from this, it’s that there are some very serious security flaws with YouTube’s current system and the privileges they allow YouTube networks to have.

By the way, this is NOT an April Fools’ Joke. I am now waiting for YouTube to fix my channel. It should all be fine in the end and Omnia Media confirmed that they locked out the hackers. For me only videos from the past few months are affected (all the way back to Battlefield 1). If you have trouble finding a video why not head over to my Trophy Guide pages. There you can find all videos embedded with their corresponding trophies. After all this is cleared up video uploads will resume as usual. Thanks for your understanding and ongoing support!

April 13, 2017 – Studio71 YouTube Network hacked by OurMine

On April 13, 2017 a new OurMine hack happened, but this time it’s partners of popular YouTube network Studio71 (aka “The Collective” or “CDS”) that had their titles and descriptions changed. Again, the hackers exploited the same weakness in YouTube’s API to change video titles and descriptions of many channels partnered with the network. Be sure to read what went down during Omnia Media hack for the full explanation. Not all channels signed under Studio71 are affected, presumably managed partners only. Studio71’s network includes over 12,000 channels that reach a combined 5 billion video views per month. The network is particularly popular among entertainment and vlogging channels.

The titles of affected channels were changed to:

#OurMine – https://youtu.be/IdJuVgR_-7M (Read the Description)

Some channels had their titles changed to unique names.
For example SuperwomanVlogs videos were renamed to:

DOPEST VLOG EVER

Wassabi Productions video titles were changed to:

YOU’RE AWESOME 🙂

The descriptions show the same text as with the Omnia Media hack:

Hey, it’s OurMine, don’t worry we are just testing your security, please contact us for more information

contactourmineteam@gmail.com
https://ourmine.org

Aside from targeting a different YouTube network, OurMine are also linking to a video URL in the titles they changed. Going to the video at https://youtu.be/IdJuVgR_-7M brings up an error:

Before the video was taken down it showed a short 14 second clip called “OurMine Security – Trailer – SOON!”. Sounds like this is not the last time we heard from them.

Affected Channels by Studio71 Hack:

• Good Mythical Morning (12M subs)
• RomanAtwoodVlogs (12M)
• RomanAtwood (10M)
• VitalyzdTv (9M)
• Wassabi Productions (8M)
• RocketJump (7.7M)
• TheRichest (7.4M)
• ExplosmEntertainment (7.0M)
• Epic Meal Time (7.0M)
• MatthewSantoro (5.8M)
• Guava Juice (5.7M)
• Webs & Tiaras – Toy Monster Compilations (5.6M)
• Reaction Time (5.2M)
• Family Fun Pack (5.0M)
• corridordigital (4.2M)
• ownagepranks (4.2M)
• Furious Pete (4.0M)
• Logan Paul Vlogs (3.8M)
• Lauren Curtis (3.6M)
• Vat19 (3.6M)
• McJuggerNuggets (3.5M)
• howtoPRANKitup (3.4M)
• De’arra & Ken 4 Life (3.0M)
• Tiffany Alvord (2.9M)
• Dudesons (2.9M)
• Good Mythical MORE (2.9M)
• LifeAccordingToJimmy (2.7M)
• Rob Dyke (2.5M)
• TheBackyardScientist (2.5M)
• Lucas (2.5M)
• Tana Mongeau (2.4M)
• Element Animation (2.1M)
• Chloe Morello (2.1M)
• Matthew Espinosa (2.1M)
• D&B Nation (2.1M)
• TechSmartt (2.0M)
• Thoughty2 (2.0M)
• SuperwomanVlogs (1.9M)
• VitalyzdTvSecond (1.9M)
• Domo and Crissy (1.9M)
• Taylor Davis (1.8M)
• HollywireTV (1.8M)
• Improv Everywhere (1.8M)
• Simplynessa15 (1.7M)
• TwinMuscle (1.7M)
• TheOfficialLoganPaul (1.7M)
• JustKiddingFilms (1.6M)
• JustKiddingNews (1.6M)
• disneytoysfan (1.5M)
• lile451 (1.5M)
• Anthony Quintal (1.4M)
• toymonsterchannel (1.4M)
• JoshuaDTV (1.4M)
• itr3vor (1.3M)
• Domo and Crissy Vlogs (1.3M)
• …many others

What are your thoughts on all this? Leave a comment below.