On Tuesday morning, YouTube channels for some of the world’s biggest stars showered fans with strange music videos. Vevo channels for artists like Lil Nas X, Eminem, Drake, Taylor Swift, Ariana Grande, Harry Styles, The Weeknd, Michael Jackson, Kanye West, and many others were affected. The channels in question have subscriber counts that add up to hundreds of millions. Before the videos disappeared, viewers saw bizarre clips of Paco Sanz, a Spanish conman sentenced to two years in jail after being convicted of fraud for lying about having terminal cancer, and rapper Lil Tjay.
YouTube did not respond to requests for comment from The Verge; however, Vevo — which bills itself as “the world’s leading music video network” — did acknowledge the incident. A spokesperson responded to contact via Vevo’s public press information and requested not to be named, citing the “nature” of the incident. They said in a statement that “Some videos were directly uploaded to a small number of Vevo artist channels earlier today by an unauthorized source.”
ATTENTION: Major artists are currently being hacked by @lospelaosbro
so far it looks like Juice WRLD, Eminem, Ariana Grande, Harry Styles, Justin Bieber, Travis Scott, Trippie Redd, Michael Jackson, The Weeknd, and even more artist's YouTube channels have been hacked! pic.twitter.com/UtL6yiKxRF
— Music Countdowns (@MCountdowns) April 5, 2022
Besides noting that the videos are gone, the Vevo spokesperson also claimed, “No pre-existing content was accessible to the source. While the artist channels have been secured and the incident has been resolved, as a best practice Vevo will be conducting a review of our security systems.”
Another Vevo-related breach in 2018 saw popular music videos defaced, while the then-most-viewed YouTube video of all time, “Despacito” (it is now second, behind “Baby Shark”), was vandalized and briefly removed.
Google and YouTube have recently focused on trying to secure popular channels. Last year a report highlighted a phishing campaign targeting creators, YouTube required millions of popular channels to enable two-step verification, and Google says it gave away hardware authentication keys to over 10,000 high-risk users.
Despite those precautions, an apparent compromise somewhere along Vevo’s pipeline allowed the attacker, who pointed to their Twitter handle @lospelaosbro in the posts, to continue uploading across high-profile channels for several hours.
The artists or the people who operate their pages were likely unable to do anything about the issue. Vevo’s artist information page explains that it works by creating a separate verified Artist Channel to upload videos, and YouTube merges that content with videos on the artist’s own YouTube page. A support page states that “Vevo does not provide access directly to artists.” Instead, independent content providers or the artist’s music label will upload the content to Vevo, which sends it to YouTube and other channels.