Man Admits Hacking YouTube Accounts for Profit

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

The Washington Post reports that Matthew A. Buchanan, 28, has admitted having earned more than $50,000 by taking over YouTube channels and opening them up to advertisements through AdSense accounts under his control (h/t Sophos).

He also admitted having accessed the e-mail account of the CEO of AOL in July of 2013.

Buchanan and another man, John T. Hoang Jr., apparently leveraged a flaw in Google's password reset process to take over victims' accounts. Hoang wrote software to identify more than 200,000 popular YouTube channels that didn't have advertising set up -- the two then took over the accounts and collected AdSense advertising payments for the channels, earning almost $56,000 from June 2012 to September 2013.

In one online chat between the two, Buchanan wrote, "if i don't go to jail this will be a good night for us :)"

Buchanan will be sentenced on March 28, 2014. He faces up to five years in prison.

As Sophos' Lisa Vaas notes, this case should serve as a solid argument for enabling two-factor authentication.