Linus Tech Tips, Tech Quickie, Tech Linked channels hacked

[Drazil100]

6 minutes ago, Eluminary said:

I think if it is at all possible they will do one this week.  Just because they have that streak they are so proud of.  This was pretty bad though it might not happen.

There is no way they cancel WAN. Even if they have to do it on floatplane only I am sure they will still do WAN show. 

[RockyRZ]

11 minutes ago, Winterlight said:

It will be not easy job now for them recovery channels due Google rules is strict. From other side Google really need massive changes in how 2FA work that would makes impossible bypass 2FA just by stealing cookies.

Is that how they got hacked? Stolen cookies?

[Lurick]

2 minutes ago, Panda Stonetree said:

Maybe I'm dumb, but why is it that I see Tesla-n-Idiot linked to so many hacks and spammers? 

Because elon became a face for crypto with his pump and dump scheme of dogecoin so they use a known face that's "trusted" to try and trick people into thinking they're associated with the scam.

[Eluminary]

3 minutes ago, StopHackingLinus said:

Not sure how I much I need the backpack since I'm 46 yrs. old but that LTT screwdrivers looks pretty nice.

 

What safeguards are in place to preserve all the YT videos?  You would think once you have full access to the account then you can delete everything rather easily, unless YouTube has some very robust backup strategies across multiple data centers (hopefully they do).

Youtube does they would be able to restore everything no problem.  Even if they didnt LTT has all their stuff backed up in 3 different places.  It was mentioned on a video in the past 2 weeks or so during a backblaze ad

[Lurick]

Just now, Datanerdje said:

2FA is a scam/hack to get your location and ID better verified. Its an exploit and doesnt contribute to security at all. As a matter of fact your personal security is even worse. 

So you have no idea how good 2FA works. Good to know

[Flangvik]

Sad to see this happen to LTT, best of luck getting back up and recovering from this. In terms of what happend i'm gonna shoot in the dark as say an editor's computer got compromised through malvertising, probably some credentials stealer of some sort. I acutally don't think this was the result of spear phishing.

[infinitytec]

2 minutes ago, Datanerdje said:

2FA is a scam/hack to get your location and ID better verified. Its an exploit and doesnt contribute to security at all. As a matter of fact your personal security is even worse. 

(Citation needed)

[WTFX]

This is very sadge. I've been considering signing up for Floatplane for a while now though, so maybe this is a good point in time to show support.

[Drazil100]

3 minutes ago, StopHackingLinus said:

Not sure how I much I need the backpack since I'm 46 yrs. old but that LTT screwdrivers looks pretty nice.

 

What safeguards are in place to preserve all the YT videos?  You would think once you have full access to the account then you can delete everything rather easily, unless YouTube has some very robust backup strategies across multiple data centers (hopefully they do).

Deleting a database entry that says a video can be viewed and that it belongs to your account is different than deleting the video. I am sure google keeps all deleted video files for some period of days possibly even months before actually deleting them just in case they are deleted due to a stolen account. Database entries are easy to reverse. 

[wasab]

oh wow, all three channels. pretty sure someone at ltt got duped into handing over his passwords. 

[dialgarocksful]

No one gonna mention LinusCatTips still up

[Pontneddfechan]

The thumbnail on my GoogleTV is quite ironic now... 

[_SKELETO_]

I wonder then, if something as large as an entire youtube group of channels can be taken like this, what hope for security is there for smaller, less financially capable entities? And I deffo wanna know which password locker LTT was using, cause I wanna know what to avoid...

[flyw4vy]

1 minute ago, Drazil100 said:

Deleting a database entry that says a video can be viewed and that it belongs to your account is different than deleting the video. I am sure google keeps all deleted video files for some period of days possibly even months before actually deleting them just in case they are deleted due to a stolen account. Database entries are easy to reverse. 

The fact the videos are still on the account means the account that was actually hacked had only editor privileges and not owner privileges.

[WhyCheese]

Just now, _SKELETO_ said:

I wonder then, if something as large as an entire youtube group of channels can be taken like this, what hope for security is there for smaller, less financially capable entities? And I deffo wanna know which password locker LTT was using, cause I wanna know what to avoid...

It was likely browser cookie was stolen. No need to know password for attacker.

[StopHackingLinus]

4 minutes ago, Drazil100 said:

Deleting a database entry that says a video can be viewed and that it belongs to your account is different than deleting the video. I am sure google keeps all deleted video files for some period of days possibly even months before actually deleting them just in case they are deleted due to a stolen account. Database entries are easy to reverse. 

That is good to hear.  Will be a happy day when LTT returns and is stronger than ever.

[picklerick_0420]

4 hours ago, Nick-MrMeow said:

Live video sent from LTT(Now called Tesla) talks up bitcoin and encourages people to scan scam QR code. Started just after 3am 3-23-23

Whats your time zone?

 

[Lurick]

Just now, RockyRZ said:

I hate 2FA, security being tied to your phone number is a bad idea. Granted, email based on isn’t perfect either. 

SMS and Email based 2FA is insecure as hell

An app that sends a push notification which requires you to enter a specific set of numbers from the browser into the app is secure

Having it tied to a security key you have to tap is very secure

Preventing spam of app notifications is a great step to stopping MFA fatigue where the user gives up or accidentally hits approve.

Nothing is perfect but to say it's a scam is complete bull.

[Gokul_P]

1 minute ago, RockyRZ said:

I hate 2FA, security being tied to your phone number is a bad idea. Granted, email based on isn’t perfect either. 

dont think linus is using either of this He is prob using a hardware key or authenticator app. 

[mykeworthy]

5 minutes ago, StopHackingLinus said:

That is good to hear.  Will be a happy day when LTT returns and is stronger than ever.

It’s happened before. Several big YTers had their whole channel deleted and (most) everything was recovered. And this appears to be a termination by YouTube, which different. Terminations are ALWAYS reversible 

 

EDIT: apparently the videos were delisted first before YT removed the channel. Just found that out from the subreddit. That changes things a bit but not a lot 

Edited March 23, 2023 by dragonkyng

[Uttamattamakin]

This is the scuttlebut that is out there.  It may be the case that this was a spear Phfising attack or possibly a social engineering attack.    Yes there is a way to do this without those things ... but social engineering is the big weak link in security.  The hardware and software matter but the most important technology in the stack is in your head. 

IF I had to lay money on it.  I'd lay this on it. 

[WTFX]

5 minutes ago, Pontneddfechan said:

The thumbnail on my GoogleTV is quite ironic now... 

I swear the thumbnail to the left of Riley's looks like Linus too lmao, I had to take multiple takes

[ashjonas]

Youtube has taken down all the hacked channels. Hoping that nobody was scammed during this.

[NegativeX]

WIshing you guys all the best in navigating this mess.

[slizgi]

Hope all will be recovered soon and smooth. Damn, next WAN will be lit.