Cyber Incident Victim: Redmercy YouTube channel
Date: Jun 2016
Location: United States of America
Summary
A popular YouTube channel and its owner experienced a significant security breach when hackers compromised multiple accounts, including the channel, Twitter, and PayPal. The attackers, identifying as 'Obnoxious and Pein,' altered video titles across the channel's content and repeatedly hijacked social media profiles despite two-factor authentication being enabled. The victim admitted to password reuse across services, which facilitated the cascading account takeovers. While YouTube access and PayPal were restored, the associated Twitter account remained suspended following repeated breaches. The incident highlighted vulnerabilities in account security practices even with protective measures in place.
Description
On June 25, 2016, the YouTube channels WatchMojo and Redmercy were compromised by the hacking group 'Obnoxious and Pein'. The attackers systematically altered video titles across WatchMojo’s channel, replacing nine years’ worth of content with the message 'Hacked by Obnoxious and Pein Twitter (dot) com/poodlecorp'. WatchMojo’s channel, boasting 12,291,423 subscribers, retained operational control of its website, Twitter, and Instagram accounts, though its Facebook page displayed no posts after November 2014, raising unresolved questions about potential secondary compromises. The channel’s administrators had not issued a public statement regarding the breach at the time of reporting, though analysts noted potential reputational and financial repercussions from disrupted content and advertiser concerns. Restoration efforts for WatchMojo’s YouTube and Facebook pages were confirmed by the article’s publication date.

Redmercy, a gaming commentary channel operated by Dmitry Garanin with 975,765 subscribers, suffered broader account takeovers beyond YouTube, including Twitter and PayPal. Garanin regained control of his YouTube channel and PayPal but faced persistent Twitter compromises, culminating in the platform suspending the account after a second breach. In two recovery videos, Garanin acknowledged reusing passwords across accounts, enabling sequential breaches despite two-factor authentication (2FA) being active on all compromised services. This admission highlighted a failure of 2FA to prevent unauthorized access under these conditions. The incident disrupted Redmercy’s content operations and payment systems, though YouTube and PayPal functionality was restored by the article’s publication. Twitter’s suspension of the account remained unresolved, reflecting ongoing containment challenges. The attacks underscored systemic vulnerabilities in account security practices, though neither Google nor Twitter disclosed technical details regarding the bypass of 2FA or initial intrusion vectors.
