A hacker group called OurMine broke into Vevo's servers and stole over 3 TB worth of data, including music videos, documents, and other private information. The group uploaded it on the internet, but later removed the said stolen data at Vevo's request.
The trove of data included exclusive Vevo videos, bundles of documents labeled "premieres," marketing information, social media files, and other internal company documents.
OurMine revealed the hack via a blog post early Friday, Sept. 15. The group created a special directory of the stolen data, where they were briefly available to download or browse.
As Gizmodo notes, while many of the files were mundane — the data dump contained weekly music charts, social media plans, artist information — other files contained sensitive details such as how to set the alarm on and off in the company's UK office, including the alarm code.
Why OurMine Leaked The Vevo Data
Vevo confirmed that an attack did occur.
"We can confirm that Vevo experienced a data breach as a result of a phishing scam via LinkedIn. We have addressed the issue and are investigating the extent of exposure."
But why was Vevo targeted specifically? According to OurMine, it picks random companies every month to check their security. Vevo was one of the companies on its list.
The files have since been removed after Vevo requested OurMine to pull the data off the internet. This is a typical behavior of a white hat hacking organization, which OurMine claims it is. They don't hack for the sake of hacking; they do it to highlight possible vulnerabilities of a company. The only anomaly in the Vevo situation is that the data was leaked publicly, which rarely happens with white hat hackers.
Why Was The Data Leaked Publicly?
This is what happened: According to reports, OurMine had not intended to leak the data to the public and even tried to reach Vevo personally to inform them of the breach. But Vevo responded to OurMine's alert by saying, "F*** off, you don't have anything." OurMine shared a screenshot of this exchange on its blog, but Vevo has yet to verify if it's authentic.
In addition to hacking, OurMine also operates as a business, offering security for the individual level to the enterprise level. The monthly hacks are a way for OurMine to "improve the world security." It wants to make a point:
"No one is safe from hackers, even us!" the group said.