The most-watched YouTube video of all time, “Despacito” by Luis Fonsi and Daddy Yankee, was was briefly removed from YouTube yesterday, along with several other popular YouTube videos, after hackers seemingly defaced the videos.
Screenshot: YouTube
Videos from Adele, Chris Brown, DJ Snake, Drake, Katy Perry, Selena Gomez, Shakira and Taylor Swift were reportedly also hacked. The hackers, who refer to themselves as Kuroi’sh and Prosox, changed the title of the videos to claim their responsibility for the hack.
Screenshot: YouTube
The hackers seem to have left many of the videos unchanged, aside from the titles. But some videos’ thumbnail images were swapped out with an image of a gun-wielding masked gang, a still from the TV series Money Heist.
All the videos had been uploaded on the video hosting service Vevo. The video hosting service was hacked last September, and sensitive internal files were posted online.
@YouTube Its just for fun i just use script “youtube-change-title-video” and i write “hacked” don t judge me i love youtube <3
— Prosox (@ProsoxW3b) April 10, 2018
A Twitter account that seems to belong to Prosox, one of the hackers who defaced the Vevo videos this morning, claimed they used a script to alter the videos, and that it was just for fun.
Screenshot: YouTube
The hackers do seem to have had some fun with the titles. They changed the title for Drake’s video for “Hotline Bling” to “Drake has been killed by Prosox on fornite”, a video game.
The videos all appeared to be back to normal at the time of publishing.
A YouTube spokesperson shared the following statement with Gizmodo: “After seeing unusual upload activity on a handful of Vevo channels, we worked quickly with our partner to disable access while they investigate the issue.”
A Vevo spokesperson shared this with Gizmodo: “Vevo can confirm that a number of videos in its catalogue were subject to a security breach today, which has now been contained. We are working to reinstate all videos affected and our catalogue to be restored to full working order. We are continuing to investigate the source of the breach.”