If you’ve seen the hit music video “Despacito,” then you’re probably aware of how wildly popular it is. Currently holding title as the “most viewed YouTube video” with over 5 billion views, it’s understandable why so many fans were in for a real shock, come the beginning of April.

During that week, hackers infiltrated the YouTube accounts of pop artists like this, as well as that of Taylor Swift, Drake, Katy Perry, and Shakira. The attackers vandalized these accounts by replacing their music videos with violent images of masked groups pointing guns at the viewer. The hackers, under the pseudonyms “Prosox” and “Kuroi’sh” wrote a message beneath each of the videos stating “Free Palestine.” They threatened about going after other YouTube channels as well.

YouTube announced that the video platform itself was not hacked, but Vevo’s accounts specifically. They stated: “After seeing unusual upload activity on a handful of Vevo’s channels, we worked quickly with our partner to disable access while they investigated the issue.”

Vevo continues to investigate the source of the breach.

But situations like this make tracking down the responsible suspect incredibly difficult, given how little information is known. While a breach like this has such a high potential for damage, it seems the activists may have just been in it for the challenge and the opportunity to spread a political message.

However, while this specific instance may not have been especially harmful, it is concerning that compromising such accounts was not particularly difficult. After all, if the attackers had spent countless hours trying to break into the accounts, they most likely would’ve also taken the time to make some money off of it. Perhaps by changing the bank account information from Vevo’s to that of their own. Rather, the hackers planted their message and ran.

So how could this have been prevented? It’s unclear at this point how exactly the hackers got in. But a likely scenario is that the accounts were not protected by two-factor authentication. This would allow the attackers to get in once they’ve obtained the password. While two-factor authentication isn’t completely faultless, it certainly does make things more difficult for the attacker.

Instances like this serve as a good reminder to all corporate companies about the importance of security. But how can you lock down your accounts across all platforms? Contact us.