Cyber Incident Victim: Vevo LLC

On April 10, 2018, hackers using the aliases Kuroi’sh and Prosox compromised the official YouTube account of Vevo, a multinational video hosting service. The attackers defaced video titles across multiple high-profile artist channels, including those of Adele, Shakira, Katy Perry, Chris Brown, Stromae, Maitre Gims, Tivevo, Iggy Azalea, Marshmello, Selena Gomez, The Wolves, Vlad, and Drake. They deleted Luis Fonsi’s "Despacito" music video, which had accumulated over 5 billion views. Screenshots confirmed the defacements showed altered titles referencing Palestine, with hackers claiming control of Vevo’s administration server through a tool called "INVULP" and referencing "VRTMS." The attackers publicly justified their actions by asserting that large companies’ security systems were inherently vulnerable, stating, "everyone is hackable." Concurrently, they compromised the Twitter accounts of BBC Arabia and NowThis News, mirroring tactics used in a prior incident days earlier.

This breach followed a September 2017 incident where the OurMine hacking group leaked 3.12TB of Vevo data, though no confirmed link existed between the two events. The 2018 attack disrupted content for numerous artists, erased one of YouTube’s most-viewed videos, and demonstrated persistent access, as Vevo’s channel remained compromised at the article’s publication time. No containment efforts or restoration timelines were disclosed. The hackers emphasized ideological motives ("for Palestine") but provided no further context. The incident highlighted recurring security failures at Vevo, with no evidence of data theft or broader system compromises beyond YouTube channel defacements and video deletions.