@LinusTech Twitter Account Hacked

[rm -rf]

2 minutes ago, LinusTech said:

Yes we know exactly what happened.

Can you confirm that the issue with the Twitter account is at the fault of Twitter Inc., or was something else compromised?

[LinusTech]

1 minute ago, rm -rf said:

Can you confirm that the issue with the Twitter account is at the fault of Twitter Inc., or was something else compromised?

It wasn't Twitter's fault directly but there are definitely things they could do to make accounts more secure.

 

I'm sorry, but I'm really not going to get into details here. 

[burnttoastnice]

2 minutes ago, rm -rf said:

They have also made a public commend earlier saying that they were going to hack a YouTube channel with over 5 million subscribers and disable the account.

 

rm -rf isn't usable in current versions of Ubuntu, even if you are in a sudo terminal

Really don't know what motivates these groups to go after pointless targets, why can't they go after Keem or something?

& oh My server is still on 14.04.

 

2 minutes ago, thedarkdad3 said:

You've been hacked multiple times buddy. My advice Hire a new firm and take some courses on real world security.

This was the fault of a third party firm, according to what he said... What you're saying sounds like e.g. Google gets compromised and the targeted gmail user is at fault

[Whosdr]

After someone mentioned it wasn't a simple DDoS, this is what I had assumed happened.

Ah well, things are back to normal now.

[Digivoxel]

1 minute ago, burnttoastnice said:

Really don't know what motivates these groups to go after pointless targets, why can't they go after Keem or something?

They only talk about the accounts they are successful at getting into. They probably have thousands of failures and so far they have only gotten about 3 accounts?

[Stuff_]

3 minutes ago, LinusTech said:

It wasn't Twitter's fault directly but there are definitely things they could do to make accounts more secure.

 

I'm sorry, but I'm really not going to get into details here. 

For the sake of security, forum passwords are stored in a nice cryptographically secure manner, yeah? 

[thedarkdad3]

You have over 300k followers and "you won't go into details" with the potential to have more leaked information from hundreds of thousands of people in the future and potentially face lawsuit years down the road....? 

 

If you need recommendations on "real security and a real firm" DM ME.

 

The sooner you realize this is going to continue happening the better. Good luck.

 

 

 

1 minute ago, LinusTech said:

It wasn't Twitter's fault directly but there are definitely things they could do to make accounts more secure.

 

I'm sorry, but I'm really not going to get into details here. 

 

[burnttoastnice]

5 minutes ago, Stuff_ said:

For the sake of security, forum passwords are stored in a nice cryptographically secure manner, yeah? 

Go have a peep at the documentation to answer all your security concerns https://www.invisionpower.com/support/guides/_/advanced-and-developers/miscellaneous/passwords-in-ipboard-r130

 

2 minutes ago, Digivoxel said:

They only talk about the accounts they are successful at getting into. They probably have thousands of failures and so far they have only gotten about 3 accounts?

I personally think the recent attack was done by someone who attacked us some time back under the alias Dem_____. He only DDoSed us anyway so no biggie.

 

I really worry about these big corporations that seem to like just dishing out users' information over the telephone though, there was this documentary on YouTube where a person called someone's cellphone provider and got them to hand over all the target's account details

[UfoPlanet]

2 minutes ago, Stuff_ said:

For the sake of security, forum passwords are stored in a nice cryptographically secure manner, yeah? 

Most likely unsalted MD5

[rm -rf]

4 minutes ago, burnttoastnice said:

Really don't know what motivates these groups to go after pointless targets, why can't they go after Keem or something?

& oh My server is still on 14.04.

 

This was the fault of a third party firm, according to what he said... What you're saying sounds like e.g. Google gets compromised and the targeted gmail user is at fault

Yeah, please can someone target Keem

[goodtofufriday]

1 hour ago, Daring said:

That isn't Linus' Twitter. It's @LinusTech.

 

I am not sure if it's safe to change our passwords yet, but they are actively trying to sell the forum database. Wait until we get word from @colonel_mortis before doing so.

I know. Theres just so much crap on there I can't imagine it being a real person.

[rm -rf]

2 minutes ago, burnttoastnice said:

Go have a peep at the documentation to answer all your security concerns https://www.invisionpower.com/support/guides/_/advanced-and-developers/miscellaneous/passwords-in-ipboard-r130

I like my hashes salted, though why doesn't McDonalds put more salt in them to begin with?

[Lethal Seraph]

9 minutes ago, LinusTech said:

No, sorry. I'd been meaning to update it for quite some time, so this was a perfect opportunity to do so.

How about a video of Keepass or any good password manager software? You mentioned butner pw, did you wrote it down a piece of paper and someone managed to find that? Looks like you guys need to burn papers after all.

[Aytex]

im starting to think keemstar is behind all of these

[thedarkdad3]

3 minutes ago, burnttoastnice said:

Go have a peep at the documentation to answer all your security concerns https://www.invisionpower.com/support/guides/_/advanced-and-developers/miscellaneous/passwords-in-ipboard-r130

You realize encryption can be broken and deciphered.  Hell Let @LinusTech pay me and my firm $30,000k and we will do it within a month. I somehow doubt he wants to get rekt again. hahaha

[rm -rf]

1 minute ago, Aytex said:

im starting to think keemstar is behind all of these

I don't believe that he would have the assets or knowledge to do this. Though he certainly seems to be profiting from it.

[Aytex]

1 minute ago, rm -rf said:

I don't believe that he would have the assets or knowledge to do this. Though he certainly seems to be profiting from it.

No, i'm starting to speculate he hired poodle/lizard

[bigdirtyjase]

Quote

and as I type this Yvonne is having a very heated phone discussion with the 3rd party responsible for the breach.

Hopefully not too heated...don't want to be stressed out.

 

I was wondering why when I woke up this morning and seeing twitter updates from Linus' account it looked strange...

 

Well hoping all returns to normal and no other accounts were compromised

[TheHogSmasher]

15 minutes ago, rm -rf said:

They have also made a public commend earlier saying that they were going to hack a YouTube channel with over 5 million subscribers and disable the account.

 

rm -rf isn't usable in current versions of Ubuntu, even if you are in a sudo terminal

Wrong. It's not usable in any sane linux distro unless you use --no-preserve-root.

[burnttoastnice]

5 minutes ago, thedarkdad3 said:

You realize encryption can be broken and deciphered.  Hell Let @LinusTech pay me and my firm $30,000k and we will do it within a month. I somehow doubt he wants to get rekt again. hahaha

I need to stress again, like I did in another thread, that hashing and 'real encryption' aren't the same thing. The hashing method IPS uses is more than appropriate for the forum login system - particularly because it's salted. This means that common rainbow-tables attacks are a dead end for skiddies.

 

In fact, encryption would be a weaker option, since a peep in the website code would mean R.I.P. passwords. Encryption is best suited for end-to-end connections where nothing except the two endpoints know the key. (e.g. SSH, TLS)

 

[TJarsun]

So, who can we send hate mail to??? Lets do a LTT Forum members revenge plan!

 

#ProbablyNotAGoodIdea

[SurvivorNVL]

This is why we need to just put Berkel in a fireman's outfit and have him guarding the server room at all times.

[lightningterror]

9 minutes ago, Aytex said:

im starting to think keemstar is behind all of these

That's what I also said a few pages back.

7 minutes ago, rm -rf said:

I don't believe that he would have the assets or knowledge to do this. Though he certainly seems to be profiting from it.

Indeed. He could also give the hackers a cut. Several videos on hackers it builds up view count and revenue.

Edited June 29, 2016 by lightningterror

[burnttoastnice]

7 minutes ago, bigdirtyjase said:

Hopefully not too heated...don't want to be stressed out.

 

I was wondering why when I woke up this morning and seeing twitter updates from Linus' account it looked strange...

 

Well hoping all returns to normal and no other accounts were compromised

 

I flew onto my desktop as soon as I got a twitter notification saying LTT hacked.

It's like 2am here anyway... Probably some GTA Online to cool down the situation then sleep...

[givingtnt]

38 minutes ago, LinusTech said:

On June 28, 2016 the Linus Media Group domain registrar account was compromised.

 

The exact methodology of the "hack" won't be disclosed for obvious reasons, but I can assure you that despite any claims to the contrary, the appropriate safeguards were in place on our side, and as I type this Yvonne is having a very heated phone discussion with the 3rd party responsible for the breach.

 

Anyway, the thing most of you are probably wondering about right now is what this means for your forum account or personal information, and the answer is very simple:

 

NOTHING.

 

The "hacker" simply changed the DNS settings in the dashboard and did not at any time have access to the linustechtips.com server. Any claims of a database dump are categorically false.

 

The compromised accounts - including Twitter - have been restored.

 

I hope this clears things up.

 

Linus

so basically he found the password to the twitter account, and nothing else ?