Modernizing Authentication — What It Takes to Transform Secure Access
The Washington Post reports that Matthew A. Buchanan, 28, has admitted having earned more than $50,000 by taking over YouTube channels and opening them up to advertisements through AdSense accounts under his control (h/t Sophos).
He also admitted having accessed the e-mail account of the CEO of AOL in July of 2013.
Buchanan and another man, John T. Hoang Jr., apparently leveraged a flaw in Google's password reset process to take over victims' accounts. Hoang wrote software to identify more than 200,000 popular YouTube channels that didn't have advertising set up -- the two then took over the accounts and collected AdSense advertising payments for the channels, earning almost $56,000 from June 2012 to September 2013.
In one online chat between the two, Buchanan wrote, "if i don't go to jail this will be a good night for us :)"
Buchanan will be sentenced on March 28, 2014. He faces up to five years in prison.
As Sophos' Lisa Vaas notes, this case should serve as a solid argument for enabling two-factor authentication.
Photo courtesy of Shutterstock.