In 2022, YouTube is the second most popular social media platform, just behind Facebook. Whether you’re looking up music videos, cooking advice, gardening tutorials, or, really, anything else, you can find it on YouTube.
Unfortunately, as we find ourselves online more and more, we are also experiencing greater threats to our online security, including our social media accounts. Particularly if you are a creator on YouTube, keeping your account secure is vital, not only to protect your private information, but to protect your brand and online reputation.
In this article, we’ll discuss what hacking looks like, what the consequences can be, and how to recover, secure, and protect your YouTube account from being compromised in the future.
What does it mean to be hacked?
If your YouTube account has been hacked or compromised, that means your account has been accessed by someone who is not you or otherwise authorized by you to access your account.
There are a few ways your YouTube can get hacked:
- There is a data breach of some kind that exposes your information, either through the platform itself or through a malicious third-party website or app, sometimes through a phishing attempt
- Your account has inadequate password security
While you can’t always defend against every data and security breach, you can educate yourself about what to look out for and secure your account to be better protected against hackers.
How do I know if my YouTube account has been hacked?
Generally speaking, the best way to know if your account has been hacked is if you notice any changes that you did not authorize. On YouTube, this could look like:
- Video content that you did not create or publish being uploaded to your YouTube channel,
- Comments or responses from your channel or account that you did not post,
- Messages that you did not send,
- Or any changes to your channel, including name, URL, profile photo, description, playlists, etc.
Changes to your account that are not public can also indicate that your account has been compromised. These changes could be updated security settings, added third-party apps, or new phone numbers or email addresses added to your account.
The Consequences of Getting Hacked
As of 2022, YouTube has 2.6 billion active users – approximately 30% of the world population. Over 720,000 hours of video are uploaded to YouTube every day, and 1 billion hours of video on YouTube are watched on a daily basis.
As one of the most active social media platforms, a breach on YouTube can carry significant consequences:
- If you have a substantial following, so will your hacker. Many YouTubers spend a substantial amount of time building their followings on the platform. If your account is compromised, this could have an effect on your audience, either through phishing or scam attempts, or by causing people to unfollow when your accounts shows activity that is out of character.
- More than just your YouTube could be compromised. If your YouTube account is compromised, your Gmail or Google account has been compromised as well. If the account you use for your YouTube account is your primary account, information for other accounts and profiles, personal information, or payment information is likely to have been compromised as well.
- If you lose access, you may lose your account. You cannot get into your YouTube if you cannot get into the linked Gmail, so if you are locked out for good, you may have to start over. Again – a substantial following on YouTube can take a very real amount of time, and losing that progress can have other impacts on your brand, career, and online reputation.
What to Do When Your YouTube Has Been Hacked
If you suspect that your YouTube account has been hacked, there are steps you can take to regain and secure your account.
The first question to ask yourself is: can you still log into your account?
If the answer is yes, the first step is to change your password. To do so, sign in to your Google account, go to Security and click on Signing in to Google. Choose password, and enter your new password.
Ensure that the new password you choose is secure, meaning that it is is unique from passwords you use for other websites, at least 10 characters long, uses several different uppercase and lowercase letters, numbers, and other symbols, and that you have not shared with anyone.
If you can’t sign into your YouTube or Gmail account, you will have to follow the steps to recover your account. Google has provided steps to help you regain access to your account. These steps will require you to answer as many relevant questions as possible to verify that you are the account owner to help you retrieve your account.
You may run into difficulties when attempting to get back into an account that you have lost access to, so be sure to keep the following in mind:
- When recovering an account that you have lost access to, it is important to answer as many questions as you can, and avoid skipping questions when possible. According to Google, even a “best guess” answer is better than no answer.
- That said, Google has also stated that “details matter,” so be sure to be as consistent as possible with spaces, wording, and upper- and lowercase letters.
- Using a device (such as your personal or work computer, cell phone, etc.), location (your home or office) or internet browser that you have used to access your Gmail account in the past can make it easier to recover your account.
- If you are asked for the last password you used for your account, but cannot remember your most recent password, include the most recent password you do remember. Again, try to avoid leaving any sections blank.
- If you are asked why you can’t access your account, be specific and let Google know you believe your account to be compromised. Google will use this information to assess the situation, so any context you provide can help you recover your account.
- Try again. If you are not able to recover your account the first time, you can try again to see if you can be verified as an authorized user.
- Be patient. Sometimes, account recovery can be delayed to protect your account and ensure that access is given to the right person. These delays can vary from a few hours to multiple days, but shouldn’t last much longer than that.
Unfortunately, if these processes do not work, and you are not able to sign in to your account, Google’s recommendation is to create a new account. You will not be able to access, update, or remove your YouTube account or channel without access to the linked Gmail account, so do what you can to regain access or you will risk losing your channel and having to rebuild from scratch.
If you are able to recover access to your YouTube account, it’s not over yet – you will need to take the necessary steps to secure your Gmail account.
Check Security Updates
When logged in to your Google account, go to Security (the same section you went to to change your password) and click on Recent security events. Take a look at the events Google flagged. If any of these were you, select “Yes.” If you see any activity that was not you, notify Google and select “No, that wasn’t me.”
Review Logged-in Devices
Under the same Security section, click on “Manage devices” from the Your devices section. Similar to the review of security events, you will need to review the devices to determine if any of the devices do not belong to you.
If you do see a device that you do not recognize or that does not belong to you, click on the “Don’t recognize a device?” option and follow the steps from there.
If you do recognize the devices, but there are too many devices logged in or you don’t use some of the devices anymore, you can log out of these devices.
If your YouTube account was compromised and changed, once you have recovered access and secured your account, you will want to reverse any changes made by the unauthorized user. Whether these are more superficial, such as changes to your profile picture, or more significant, such as video uploads or account settings, you will want to revert these changes back to your own preferences.
How to Keep Your YouTube Secure
Whether your YouTube account has been hacked or you want to avoid being hacked in the first place, there are things you can do to secure your account and lessen the chances of it being compromised.
- Keep Track of Your Account
Most of the time, you will know your account has been hacked because of changes that you didnt make, so the more aware you are of your account, the more likely you are to notice a change. Regularly check your security updates to stay up-to-date on suspicious activity, and check in with messages, comments, subscribers, or any other aspects of your account where changes may indicate someone has accessed your account.
YouTube (through Google) has processes in place to detect and communicate with you about potential profile breaches, particularly if you apply stricter security settings and set up Password Alert, so pay attention to any communication from YouTube regarding your account. That said, you should always be sure that communication about your account is actually from YouTube, as many phishing attempts will reach out to you pretending to be associated with the platform.
- Update Your Account Recovery Options
If a hacker has accessed your account and locked you out of it, one of the easiest ways to recover it is through your account recovery options. Make sure there is a phone number and additional email address associated with your account to help streamline the process if you have to recover your account, and be certain of your answers for any of the questions that may come up during the process.
Additionally, you should turn on two-step verification, which will require you to sign in both with your password and with a secondary verification option, such as your phone, a security key, or a printed code. This can cut down significantly on the chances of your account being hacked, as even if your password is compromised, hackers will not be able to access your account.
- Monitor Your Authorized Devices and Third-Party Apps
In addition to keeping up-to-date with your account, you should regularly check the devices that are logged in, the third-party apps that have access to your account, and any relevant settings or information on your account. As stated earlier, malicious third-party apps or websites can sometimes be the source of a breach to your account, so checking in to be sure that you recognize and need every app and third-party website linked to your account will help you maintain your security.
- Protect Your Password
A general rule of thumb: if any of your accounts are hacked, you should change your password to a new, secure, unique password as quickly as possible.
But even if your account has not been compromised, you should be sure to practice good habits when it comes to your passwords, including:
- Not reusing old passwords or passwords across multiple platforms
- Changing your password regularly,
- And never sharing your passwords with anyone.
Additionally, in its security checkup, Google will let you know if any passwords may have been compromised, which is another indication that you should change them immediately.
This much password maintenance can seem paranoid or unnecessary, but by keeping your passwords as strong as possible, you will have the best chance of protecting your account from being hacked.
If your YouTube account is compromised, there can be significant consequences. Thankfully, Google is aware of the importance of keeping your accounts secure, and there are steps you can take to recover, secure, and protect your account to keep this from happening.