Cyber Incident Victim: LeafyIsHere
Date:
Jul 2016
Location:
United States of America
Summary
The popular YouTube channel LeafyIsHere was compromised by the hacking group PoodleCorp, resulting in widespread defacement including the renaming of all video titles to display a hack message. The attacker group, previously linked to breaches of other prominent YouTubers' accounts, altered content to promote their Twitter handle but showed no evidence of accessing the victim's non-YouTube social media or financial accounts. Following the incident, the channel owner confirmed account restoration with assistance from both recovery specialists and the hacking group itself, though specific restoration methods were not disclosed. The breach impacted over 3.7 million subscribers through disruptive content modifications.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around July 3, 2016, the YouTube channel LeafyIsHere—operated by Calvin Vail, a Utah-based content creator with over 3.7 million subscribers—was compromised by the hacking group PoodleCorp. The attackers systematically renamed every video title on the channel to display "hacked by twitter.com/poodlecorp," visibly defacing the platform. This intrusion occurred shortly after Vail had uploaded content celebrating his channel's growth, though the exact attack vector remained unspecified in public reports. PoodleCorp had previously targeted other high-profile YouTube accounts including WatchMojo, RedMercy Gaming, and Lilly Singh (IISuperwomanII), often extending breaches to ancillary platforms like Twitter and PayPal. In this incident, no evidence indicated compromise beyond the YouTube channel itself. The defacement remained active for approximately 24 hours before mitigation efforts began.
The attack disrupted normal channel operations, temporarily preventing legitimate content access while exposing subscribers to unauthorized messaging. Public visibility of the defacement risked reputational damage and viewer trust erosion. Calvin Vail regained control by July 4, 2016, acknowledging assistance from YouTube contacts @scerstt and @iaustinlong, media company OmniaMediaCo, and surprisingly, PoodleCorp themselves in restoring access. No data theft or financial impacts were confirmed, contrasting with PoodleCorp's prior incidents involving payment platform breaches. The channel resumed standard operations post-recovery, with Vail publicly confirming restoration via Twitter without disclosing technical remediation steps or enhanced security measures implemented.