Cyber Incident Victim: Vevo LLC
Date: Sep 2017
Location: United Kingdom
Summary
A multinational video service suffered a data breach when hackers compromised an employee account via a LinkedIn phishing scam, leading to unauthorized access through the Okta single sign-on platform. The OurMine group leaked approximately 3.12TB of internal files, including sensitive operational details like alarm codes alongside routine promotional materials and artist management documents. The attackers claimed the intrusion aimed to expose security weaknesses but escalated to data publication after alleging a confrontational response from an employee. The company acknowledged the incident, resolved the initial vulnerability, and initiated an investigation into the scope of exposed information. This breach occurred against a backdrop of prior high-profile compromises targeting entities affiliated with the service's parent organizations.
Description
On September 15, 2017, the music video hosting service Vevo suffered a data breach perpetrated by the hacking group OurMine. The attackers compromised approximately 3.12 terabytes of internal corporate files, which they subsequently leaked publicly. OurMine, known for prior high-profile incidents including hijacking HBO's Twitter account, WikiLeaks' DNS, and Mark Zuckerberg's social media accounts, claimed responsibility for the intrusion. According to their statements, the group gained access through a compromised employee account for Okta, a single sign-on workplace application. The hackers asserted they leaked the data after a Vevo employee responded to their outreach with an expletive-laden dismissal. Vevo later confirmed the breach resulted from a LinkedIn phishing scam targeting an employee.

The leaked cache contained diverse internal materials including weekly music charts, pre-planned social media content, artist management details, promotional videos, and sensitive operational documents such as alarm codes for Vevo's UK office. While much of the data appeared routine, the exposure of security-sensitive information raised concerns. Vevo responded by addressing the compromised access point and initiating an investigation to determine the full scope of data exposure. The incident occurred against the backdrop of Vevo's significant commercial operations, with Business Insider reporting $200 million in annual advertising commitments driven by content from major artists. Notably, Sony Music Entertainment—one of Vevo's joint venture partners—had previously experienced a devastating breach in 2014 attributed to North Korean-linked hackers. OurMine stated they would consider removing the leaked files if formally requested by Vevo.
