I have spent the last four months working on a YouTube channel. Despite two-step authentication, I had my channel stolen. Here is what has happened and how it has been dealt with by Google.
First off, thanks to everyone who emailed me, DM’d me, Facebooked me, instagram-commented, and used all of the other means of communication about this debacle. I didn’t get back to everyone; although I only have a very modest following, it seems that everyone of you got in touch, which I am very grateful for.
I started a YouTube channel a while back when I was starting to become a bit bored of the daily grind. As a commercial photographer, I don’t have an overly creative job. I am more of a problem-solver and a technician who creates concepts that are given to me. But the videos, especially the vlog, allowed me to flex my creative muscles, learn about audio and video-making, as well as trying to offload some of the information in my head that I couldn’t seem to find elsewhere on the internet.
All was going swimmingly well, most of the videos were well received, and I was getting better at making them. I also noted that my main work was getting better too, as I was far happier with the addition of my new creative outlet. Life was good.
The Channel Hack
However, one afternoon, while checking in on the comments, I was suddenly kicked out of my channel. The icon to log in had also vanished, which seemed a bit strange. I logged into my Google account and noted that I wasn’t prompted to use the app to authenticate my log-in, and when looking at the past activity, I could see a new location for a log-in had been made, which was obviously the hackers who had come in and moved the channel to their own Google account. After the initial panic, I tried to contact Google or YouTube. This task was seemingly impossible. There are no numbers, no email addresses, or really any means of contacting them. A bit of googling (ironic, I know) told me to post about it in the Google chat forums and that someone would be in touch. I did, but they weren't
A day or so later, I decided to report my channel and in doing so, I made a copyright claim. This suddenly made a live chat come up with a chap called Bryan, who quickly asked for some details and continued to email me a reference number. Bryan was a particularly polite and calming person from over at Google, and although he wasn’t the chap with the answers, he did make me feel like things were being taken care of. After three weeks of chasing him and being ignored on questions as to how two-step was broken, if my Ad Sense account and money were safe, and if the link from Ad Sense to my bank was safe, I received an email to confirm that I had been hacked and that they would transfer my channel back to me. It all seemed very simple. No mention of the security of my bank details or the two-step authentication.
I am still waiting for the final channel transfer so that I can remove all of the films that the hackers uploaded, but hopefully, I will be back to uploading sometime next week.
So, What Did I Learn From All of This?
Nothing. I did everything I should have, and something bad happened. It felt bad, it’s fixed now, and I feel better. I doubt it was a personal attack, merely a gang of people taking masses of channels to make a few dollars.
I read a lot about phishing emails, and I assumed that this must have been how they got in. Between social media and email, I receive about 100-200 messages a day. Since then, I realized that it was all set up through an account that I haven’t opened an email from in five years, so I am not doubtful that it was a phishing scam that I fell for. Either way, I will certainly be more vigilant, and I have since had someone look at all of my IT systems and add VPNs to all of my machines and phones. Although losing a small YouTube channel is only a personal blow, had anything else been hacked, it would have been extremely distressing.
If This Happens to You, Do the Following.
- Report a video on your channel for copyright infringement or explicit content.
- Click on the live chat button, and send over as many details as you can.
- Sit and wait. It took three weeks for mine to be secured.
- Don’t panic. It seems to be happening to a lot of people, and Google seems to have a good system to fix it.