
Linus Tech Tips, Tech Quickie, Tech Linked channels hacked

betav17
Message added by Spotty,

The Linus Tech Tips, TechLinked, and TechQuickie Youtube channels have been restored.

A video explaining what happened is now up:

 

 

4 minutes ago, cybersecuritybro said:

This says a lot about the quality of the employment that Linus Sebastian and his company has, just because they bulk hire a bunch of inexperienced Gen Zs and give them access to youtube, thus opening cyber security risks, says a lot about their lack of training, experience and resource management.

It is hard to believe that upper management allowed this attack to occur, unless they are as incompetent as their employers, which says a lot, I can suspect anyone from Linus himself, to Colton, Denis, Yvonne, Nick, etc. The whole thing is sad and pathetic, I cannot imagine how a company that has over 10 years of Youtube coverage and claims to be tech influencers managed to lack basic cyber security and do not have 2FA, and allow any employer to access their credentials to their own Youtube channels.

To be fair, their own CEO, Linus doxxed himself multiple times on his own WAN show, so that also says a lot about their incompetence. Probably a lesson to learn, but probably not, they had all the time to learn, now they reap what they sow.

No dude, it does not say anything about the quality of anything.

2FA isn't as super strong as you like to think it is; there are other vectors of attack to get credentials.


31 minutes ago, Kilrah said:

This wasn't about "ignoring security", it's about "not wanting to be responsible for recommending security-related products".

I find that a lot of those ones also tend to get dated over time.  What currently is a best practice today might not be best practice in 2025.  PCI compliance is a perfect example of how quickly things can change, they are consistently making tweaks to their best/required practices.

 

There is also the general concern about the balance between security and productivity, which is hard to come across on a shorter video.  You can make the most hardened security that will withstand a lot of hacking...but it doesn't make sense if every single task will take 2 to 3 times longer and the equipment is out of reach for most people.  Usually it's a fine balance between cost/productivity/security; balancing those out while understanding the risks involved can also sometimes be business dependent.

 

A key example of this: running an NT 4.0 server in modern times is a terrible security practice but is a trade-off that sometimes has to be made (the software running on it would cost more than an extra employee's wage per year in subscription costs, and required hiring someone new to code up the interface, and the company simply isn't big enough to justify that type of yearly cost, but the software was still needed, so kept going with the last remaining perpetual license).

 

1 minute ago, cybersecuritybro said:

Tell me how a hacker gets a random employer's access to their cell phone or authentication app, unless they are brain dead and voluntarily take a conscious decision to authorize the second security challenge from said security devices?

For 2FA you don't really need it always, a simple key logger for example.  Or in the case, which I'm betting probably happened here, hijacking the open session.

 


1 minute ago, cybersecuritybro said:

Tell me how a hacker gets a random employer's access to their cell phone or authentication app, unless they are brain dead and voluntarily take a conscious decision to authorize the second security challenge from said security devices?

See the videos that have been posted, there's currently a known way of bypassing all authentication including 2FA on Google by stealing session cookies, that's how other channels got owned.


2 minutes ago, cybersecuritybro said:

Tell me how a hacker gets a random employer's access to their cell phone or authentication app, unless they are brain dead and voluntarily take a conscious decision to authorize the second security challenge from said security devices?

there is a video that I have watched

 

hope the channel comes back up


1 minute ago, Pawgs said:

Just tried to subscribe to Floatplane. It's not possible. An error occurred, try again later.

Might be more than just YouTube and forum they hit with the attack

I believe some people have reported service interruptions at Floatplane due to the high volume of traffic and new signups. If you can't sign up now try again in a few hours.

The forum was not attacked. It too saw a significant increase in traffic when news about the Youtube channels broke and just couldn't keep up with all the extra traffic.


8 minutes ago, cybersecuritybro said:

This says a lot about the quality of the employment that Linus Sebastian and his company has, just because they bulk hire a bunch of inexperienced Gen Zs and give them access to youtube, thus opening cyber security risks, says a lot about their lack of training, experience and resource management.

It is hard to believe that upper management allowed this attack to occur, unless they are as incompetent as their employers, which says a lot, I can suspect anyone from Linus himself, to Colton, Denis, Yvonne, Nick, etc. The whole thing is sad and pathetic, I cannot imagine how a company that has over 10 years of Youtube coverage and claims to be tech influencers managed to lack basic cyber security and do not have 2FA, and allow any employer to access their credentials to their own Youtube channels.

To be fair, their own CEO, Linus doxxed himself multiple times on his own WAN show, so that also says a lot about their incompetence. Probably a lesson to learn, but probably not, they had all the time to learn, now they reap what they sow.

There are many things wrong with what you said there. First of all, let me just say that accidents do happen sometimes. Yes, incidents like this have happened in the past, and yes, maybe they should enable 2FA, but if you think about it for a second, 2FA is required on all YouTube channels to do things like monetize or run ads and such; this was required by YouTube about a year ago. Even if they have 2FA enabled, depending on how secure said 2FA is on YouTube's end, it could be quite easy to hack. There are people who do have 2FA enabled who still get hacked. Now there are many reasons as to how 2FA can easily be hacked, one of which is SIM swapping, which can happen a lot. As for the doxxing situation, that's not really incompetence. Sometimes people don't think much when they share their screens. Some of that stuff happens on accident. In the end, it's not a "we told you so" situation. You need to understand that even the most technical can easily get hacked, even with 2FA on.


7 minutes ago, cybersecuritybro said:

This says a lot about the quality of the employment that Linus Sebastian and his company has, just because they bulk hire a bunch of inexperienced Gen Zs .....

I'm going to give you the benefit of the doubt. Yes, LMG appears from a distance to be a channel where the upper management are younger millennial age people and the employed are largely but not all Gen Z. As such that means it would have more of a youthful spirit than an older company that would have a more rigid and formalized structure. However, plenty of more corporate places get hacked all the time. (Sony anyone?)

What this says is that hackers are relentless. A big target like LMG is going to have a lot of attacks incoming; even measures that work 99.99999% of the time will fail in the face of enough attacks. Eventually one gets through. So it's not really a situation where you avoid getting hacked, and more like you try to recover from a hack ASAP. Prepare for the worst, hope for the best. The better prepared you are for the worst the less bad it will be. LTT backs up backups of their backups. Floatplane is one example of that. Though to be honest if they also published to Rumble or something that was not Floatplane that would be good.


Yep, session hijacking is what happened here most likely as well, and it's *really* sad and stupid that it takes such a high-profile account to go down for Google to get off their asses and actually look into fixing it properly, when others have already been affected previously.


Just now, Spotty said:

I believe some people have reported service interruptions at Floatplane due to the high volume of traffic and new signups. If you can't sign up now try again in a few hours.

The forum was not attacked. It too saw a significant increase in traffic when news about the Youtube channels broke and just couldn't keep up with all the extra traffic.

I plan on subscribing to Floatplane when I get home from work. I can't game without a good LTT video on my side monitor 😞


About 8 hours and still no channel. Floatplane, forums and lttstore was a really smart move. Can't rely only on YouTube.


9 minutes ago, cybersecuritybro said:

This says a lot about the quality of the employment that Linus Sebastian and his company has, just because they bulk hire a bunch of inexperienced Gen Zs and give them access to youtube, thus opening cyber security risks, says a lot about their lack of training, experience and resource management.

It is hard to believe that upper management allowed this attack to occur, unless they are as incompetent as their employers, which says a lot, I can suspect anyone from Linus himself, to Colton, Denis, Yvonne, Nick, etc. The whole thing is sad and pathetic, I cannot imagine how a company that has over 10 years of Youtube coverage and claims to be tech influencers managed to lack basic cyber security and do not have 2FA, and allow any employer to access their credentials to their own Youtube channels.

To be fair, their own CEO, Linus doxxed himself multiple times on his own WAN show, so that also says a lot about their incompetence. Probably a lesson to learn, but probably not, they had all the time to learn, now they reap what they sow.

Officially, nobody outside of LMG and YouTube knows what's been going on. There are some probable scenarios but what you are posting isn't it.

The event happening to LMG now looks like previous channel hacking events and likely involves social engineering tactics and session hijacking, which bypass 2FA and even login entirely. However, even what I am writing now is speculation, we're gonna have to wait 'n see what's been happening from LMG themselves.
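
Why a stolen session cookie bypasses 2FA, as an added example that is not part of the original post: the second factor is checked only at login, so a server that trusts the cookie alone accepts it from any client. This constructed Python session store (all names, actions and values are hypothetical) compares that cookie-only check with one that binds the session to client context and requires fresh 2FA for sensitive actions.

```python
import hashlib
import hmac
import secrets

# Constructed action names and window; not taken from any real platform.
SENSITIVE = {"rename_channel", "delete_videos", "start_stream"}
REAUTH_WINDOW = 300  # seconds a 2FA check stays fresh for sensitive actions


class SessionStore:
    def __init__(self, bind_context):
        self.bind_context = bind_context
        self.sessions = {}

    @staticmethod
    def _fingerprint(client):
        # Coarse client context (assumption). It is a heuristic signal,
        # weaker than a device-bound key, but enough to show the idea.
        raw = f"{client['ua']}|{client['asn']}".encode()
        return hashlib.sha256(raw).hexdigest()

    def login(self, user, client, now):
        """Called only after password AND second factor have been verified."""
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {
            "user": user, "fp": self._fingerprint(client), "mfa_at": now}
        return token

    def authorize(self, token, client, action, now):
        session = self.sessions.get(token)
        if session is None:
            return "deny:unknown-session"
        if not self.bind_context:
            # Cookie-only check: whoever presents the token is the user.
            return "allow"
        if not hmac.compare_digest(session["fp"], self._fingerprint(client)):
            del self.sessions[token]  # revoke so the token is dead everywhere
            return "deny:context-mismatch"
        if action in SENSITIVE and now - session["mfa_at"] > REAUTH_WINDOW:
            return "deny:reauth-required"
        return "allow"


def demo():
    # Constructed clients; the ASNs are from the documentation-reserved range.
    staff = {"ua": "Browser/1 (constructed)", "asn": "AS64500"}
    other = {"ua": "Browser/2 (constructed)", "asn": "AS64511"}
    results = {}
    for mode, bind in (("cookie-only", False), ("bound", True)):
        store = SessionStore(bind)
        token = store.login("editor", staff, now=0)
        results[mode] = [
            store.authorize(token, staff, "upload_video", now=60),
            store.authorize(token, staff, "rename_channel", now=4000),
            store.authorize(token, other, "rename_channel", now=4010),
            store.authorize(token, staff, "upload_video", now=4020),
        ]
    return results


if __name__ == "__main__":
    for mode, outcome in demo().items():
        print(mode, outcome)
```

In the bound store the replayed token is rejected and revoked, which also signs out the legitimate user; that forced re-login is the intended cost of containing the session.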


1 minute ago, WhyCheese said:

About 8 hours and still no channel. Floatplane, forums and lttstore was a really smart move. Can't rely only on YouTube.

It's almost like they had an "oh crap, what if YouTube goes up in flames" plan in play 😛


2 minutes ago, cybersecuritybro said:

I watched him since he was young and humble, now he seems like stuck up privileged millennial who made the big bucks in tech, as many people from America, that is why I was thinking that he should have done a better job securing his empire and company, instead of grinding to appear in all videos, wasting money on big laboratory that is a money pit, with still no legitimate reviews that were promised, at least not on the free YouTube channel, etc.

I am just pissed that Linus still allows himself and the company to be in this kind of situation

You want a review? But can't see the Lab as the way to get there, or what do you want to say?


1 minute ago, cybersecuritybro said:

I watched him since he was young and humble, now he seems like stuck up privileged millennial who made the big bucks in tech, as many people from America, that is why I was thinking that he should have done a better job securing his empire and company, instead of grinding to appear in all videos, wasting money on big laboratory that is a money pit, with still no legitimate reviews that were promised, at least not on the free YouTube channel, etc.

I am just pissed that Linus still allows himself and the company to be in this kind of situation

Dude, this happens all the time to businesses small and big. Look at LastPass - their mistakes were easily avoidable. Not saying you can compare a grape to an apple, but it can happen to literally anyone, no matter the level of security you have in place. There is a reason that hand sanitizer is only 99.9% effective...


7 minutes ago, ShadowMorph said:

Yep, session hijacking is what happened here most likely as well, and it's *really* sad and stupid that it takes such a high-profile account to go down for Google to get off their asses and actually look into fixing it properly, when others have already been affected previously.

Well, it shows where Google's priorities are


3 minutes ago, cybersecuritybro said:

they should have had better security and only one person responsible for access to the channels, not all of them, someone specialized in social media security and cybersecurity

You don't know how they're doing it

It can happen even if doing it that way

It can, and has happened to literally anyone even when they've done their best and/or are experts in the field...


12 minutes ago, Spotty said:

The forum was not attacked. It too saw a significant increase in traffic when news about the Youtube channels broke and just couldn't keep up with all the extra traffic.

A good old-fashioned hug of death! Just like the heyday of Digg and del.icio.us (or however they spelled it).

 

No malicious intent needed; drive enough genuine traffic to a website and it's going to buckle.


1 minute ago, Itrio said:

Dude, this happens all the time to businesses small and big. Look at LastPass - their mistakes were easily avoidable. Not saying you can compare a grape to an apple, but it can happen to literally anyone, no matter the level of security you have in place. There is a reason that hand sanitizer is only 99.9% effective...

Was about to write something along these lines, it is INCREDIBLY difficult to stay ahead of hackers, especially social engineering tactics. Like you mentioned earlier, a true pain to actually implement best practices and test employees on those best practices.


2 minutes ago, cybersecuritybro said:

I watched him since he was young and humble, now he seems like stuck up privileged millennial who made the big bucks in tech, as many people from America,

He's Canadian he from Canadia.   Canadians really don't like being called American.  Canada and America have a strange relationship.  They are our close friend and ally who we invaded and got beaten by twice.   (And we were plotting to invade again as late as the 1930's). 

2 minutes ago, cybersecuritybro said:

that is why I was thinking that he should have done a better job securing his empire and company, instead of grinding to appear in all videos, wasting money on big laboratory that is a money pit, with still no legitimate reviews that were promised, at least not on the free YouTube channel, etc.

I am just pissed that Linus still allows himself and the company to be in this kind of situation

I know I know. The fact is Linus's mug in a video gets more views. They've tried the experiment. While the other hosts do ok, Linus gets the clicks. So he has to be in the videos... as for the labs, that'll be ready when it's ready.


Looks like Floatplane is borked. Every video I click on is the Short Circuit for the Razer gaming laptop.


1 minute ago, Ferkner said:

Looks like Floatplane is borked. Every video I click on is the Short Circuit for the Razer gaming laptop.

Too much traffic; should be temporary. It's a different system than the one affected.


1 minute ago, Ferkner said:

Looks like Floatplane is borked. Every video I click on is the Short Circuit for the Razer gaming laptop.

They just really want you to watch that one. Either that or I can only assume that their infrastructure is getting confuzzuled by the influx of requests.


3 minutes ago, Kilrah said:

You don't know how they're doing it

It can happen even if doing it that way

It can, and has happened to literally anyone even when they've done their best and/or are experts in the field...

To be fair @cybersecuritybro's proposal that they have one or two or three people, highly ranked people who have to personally post the videos is not a bad one.  To ensure maximum security.  That those people should only do this process with highly secure devices bought/built for that purpose and that purpose only would be a good move.  Doing all of this and more and not telling us too much would be a good move too.  

They need to secure their soul like it was stored in Mikoshi.   Know what I mean?


3 minutes ago, Uttamattamakin said:

He's Canadian he from Canadia.   Canadians really don't like being called American.  Canada and America have a strange relationship.  They are our close friend and ally who we invaded and got beaten by twice.   (And we were plotting to invade again as late as the 1930's).

Canada is part of North America. The fact that US people have taken the word America to mean only the US is more of an issue than lumping Canada in as part of America (which is geographically correct anyway).
