Embarrassment for Microsoft after YouTube channel is hacked

Microsoft suffered an embarrassing security incident at the weekend after the company's YouTube channel was taken over by hackers who replaced the firm's videos with their own.

Microsoft appeared to have wrested back control of the channel at the time of writing, but the incident is the second time in a week that a high-profile YouTube site has been hacked, after hardcore pornography was briefly uploaded to Sesame Street's channel.

Sophos senior technology consultant Graham Cluley explained in a blog post that the videos uploaded to the Microsoft site were of only three of four seconds in length and "typically call on other internet users to post video responses, create new background images for the channel or provide sponsorship".

One of the most likely explanations is that a Microsoft employee with a username and password to access the account somehow allowed it to be phished or obtained by a third party, said Cluley.

However, there could be another explanation, according to a comment on one of the videos highlighted by Cluley, which would explain how the channel was hacked.

"He legitimately made the account Microsoft when YouTube wasn't that big but the REAL Microsoft probably asked YouTube to disable it and give it to them. The flaw is that this account was probably still linked to this kid's email and Microsoft forgot to change it," he said.

"So all this kid had to do was recover this account using his old email. Not that hard. That's probably how the other big channels got 'hacked'."