Cyber Incident Victim: Lilly Singh's YouTube Channel
Date:
Jun 2016
Location:
Canada
Summary
A popular YouTuber's channel and associated Twitter account were compromised by hacking group Poodle Corp, leading to unauthorized content alterations and unrelated posts. The attackers renamed titles across numerous videos on the channel and posted erratic content on both platforms. The victim acknowledged the breach via social media, referencing the group's identity in tweets. This incident followed similar compromises of other prominent YouTube channels linked to the same threat actors. The affected accounts were subsequently restored to their original state following the intrusion.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On June 26, 2016, Canadian YouTuber Lilly Singh discovered her YouTube channel and associated Twitter account had been compromised by hackers later identified as Poodle Corp. The attackers systematically altered titles of nearly all videos on her YouTube channel while posting unrelated content across both platforms. Singh confirmed the breach through tweets referencing "poodle," directly implicating the same group responsible for prior attacks on WatchMojo and Redmercy's accounts earlier that month. The intrusion occurred despite existing security measures, with no evidence suggesting compromised credentials were obtained through phishing or direct breaches of Singh's personal devices. Google's security protocols failed to prevent unauthorized access to her YouTube channel, which at the time ranked among the platform's most-subscribed comedy content creators.
The incident generated significant disruption as hackers maintained control for an unspecified period before restoration efforts commenced. Singh publicly acknowledged the breach through sarcastic Twitter posts that downplayed the intrusion's severity while confirming Poodle Corp's involvement. YouTube and Twitter administrators restored full control to Singh by June 29, 2016, when media outlets reported resolution of the compromise. The attack reignited existing concerns about platform security vulnerabilities following Poodle Corp's preceding breaches, particularly regarding the efficacy of Google's two-factor authentication system for high-profile accounts. No data theft or permanent content alteration occurred, though the incident temporarily disrupted Singh's content management capabilities during the period of unauthorized access.