Vevo announced this week that it experienced an intrusion into its servers by the hacking collective OurMine, self-described as a white hat organization that informs individuals and organizations of potential security vulnerabilities.
When OurMine reached out to Vevo to inform it of a vulnerability, a Vevo employee dismissed the claim and told OurMine that they didn’t have anything. As a result, OurMine published the data online before removing it after Vevo acknowledged that it had been compromised. The information included some sensitive information of individuals and companies using Vevo. 3.12 TB of Vevo’s internal files was compromised and posted online.
Vevo said “We can confirm that Vevo experienced a data breach as a result of a phishing scam via LinkedIn. We have addressed the issue and are investigating the extent of exposure.”
Security researchers at Malwarebytes have recently warned of an increase in phishing attacks through LinkedIn. The attackers are able to compromise a user account and then they spread a link to malicious document to the LinkedIn user’s connections. The users think the document is from the LinkedIn user, and opens the malware containing document and infects its system.
Security researchers are warning users of social media platforms to only interact with those who they trust, not to download file attachments sent through social media or clicking on links that come from an unfamiliar user, an enable two-factor authentication.