Another day, another multinational video service brought to its knees by a group of rogue hackers with a bone to pick.
Vevo, the joint venture between Universal Music Group, Sony Music Entertainment, Abu Dhabi Media, Warner Music Group, and Alphabet Inc. (Google's parent company), was just hacked. Roughly 3.12TB worth of internal files have been posted online, and a couple of the documents reviewed by Gizmodo appear sensitive.
The OurMine hacker squad has claimed responsibility for the breach. The group is well known: They hijacked WikiLeaks' DNS last month shortly after they took over HBO's Twitter account; last year, they took over Mark Zuckerberg's Twitter and Pinterest accounts; and they hit both BuzzFeed and TechCrunch not long after that.
The leaked cache contains a wide variety of office documents, videos, and other promotional materials. Based on a cursory review, a majority of the files seemed pretty mild: weekly music charts, pre-planned social media content, and various details about the artists under the record companies' management.
But not all of the material was quite so benign. Vevo's UK office will probably want to get this alarm code changed as soon as possible:
OurMine typically hacks people because, well, it can. The group's primary goal is demonstrating to companies that they have weak security. In this case, the hackers managed to compromise an employee account for Okta, the single sign-on workplace app. Usually they don't resort to leaking large caches of files (at least to our knowledge), but in this case it sounds like someone may have pissed them off.
In a post late Thursday, OurMine claimed it leaked Vevo's files after reaching out to one of the company's employees and being told to "fuck off." But they informed Gizmodo by email: "If they asked us to remove the files then we will."
Of course, Sony (one of Vevo's joint owners) fell victim to a devastating hack in 2014 after a group of hackers calling themselves the "Guardians of Peace" dumped a wealth of its confidential data online. US intelligence agencies pinned the breach on North Korea (one of the hacking group's demands was that Sony pull The Interview, Seth Rogen's comedy about a plot to assassinate Kim Jong-Un).
According to Business Insider, Vevo locked up nearly $200 million in yearlong ad commitments this year, thanks to artists like Beyonce, Taylor Swift, and Ariana Grande helping generate some 25 million daily views. They might consider spending some of those earnings on beefing up their security. This could've been a lot worse.
We've reached out to Vevo, Sony, Warner, Universal, and Google for comment. We'll update if we hear anything back.
Update 9/15/17 12:40am ET: Responding to our inquiry, a Vevo spokesperson told Gizmodo that the company "can confirm that Vevo experienced a data breach as a result of a phishing scam via Linkedin. We have addressed the issue and are investigating the extent of exposure."
Additional reporting by Bryan Menegus