News Linus Tech Tips YouTube Channel Hacked to Promote Crypto Scams

Toggle sidebar Toggle sidebar
And it's only going to get worse, even as more and more people slowly realize what a complete farce computer security is. When the solution is always "Add more hardware. Add more software. Add more complexity", the result is always the same. The KISS PRINCIPLE has long been abandoned.
 
There are already many important channels and with several million subscribers who suffer the same robbery and by the same subjects, with the same Tesla farce.
This has been going on for several months and Google hasn't fixed anything.
 
  • Like
Reactions: heynow and Sleepy_Hollowed
Is today the ideal day to finally get back on YouTube?

Prompt: Generate a highly overphotoshopped and misleading technicolor picture with an ugly face, giving an expression that makes an overly positive ad for a forgettable mouse appear to be about the worst disaster in human history
 
Last edited:
  • Like
Reactions: heynow
At this point, if people have anything to do with crypto, I have zero sympathy for them. Fools always have money and they continually get parted from it.
 
tbh YT (Google) is issue here.

no plan for them have options to require authentication if new ip address is used.

they should require 1-2 forms of it if new ip is logged in before able to publish/change anything.

its basic security 101. you never let a dif ip not need authenticating. (even some games require this and lock down selling/deleteing items/characters.)
 
hotaru251 said:
tbh YT (Google) is issue here.

no plan for them have options to require authentication if new ip address is used.

they should require 1-2 forms of it if new ip is logged in before able to publish/change anything.

its basic security 101. you never let a dif ip not need authenticating. (even some games require this and lock down selling/deleteing items/characters.)
Click to expand...
Not sure how 2FA is supposed to solve any of Google's problems. You log into YouTube using Gmail. You think somebody who can get a password to a Google account can't also get a password to that same Google account?

It seems like a major annoyance to the user with no actual security benefit.
 
Giroro said:
Not sure how 2FA is supposed to solve any of Google's problems. You log into YouTube using Gmail. You think somebody who can get a password to a Google account can't also get a password to that same Google account?

It seems like a major annoyance to the user with no actual security benefit.
Click to expand...

Well usually the Gmail account password is the same as to the Google account isn't it? But yeah, by default, Google doesn't ask for anything more than the password and it alerts the user there has been a login from a new device, I guess it's up to the user to decide if they want some kind of 2FA...
 
Last edited:
I was wondering what the heck happened and then I came here to look something up and now I know. You would think they had 2FA enabled on the accounts. Mind-blowing stuff.
 
Nis Hollow Enterprises said:
I was wondering what the heck happened and then I came here to look something up and now I know. You would think they had 2FA enabled on the accounts. Mind-blowing stuff.
Click to expand...

Linus explained how this happened, someone in the office got an email, which seemed to be a PDF, but it wasn't, it was some kind of exploit, so when it didn't open they moved on but the exploit let the hacker copy the whole browser including the session key, so they were able to gain access to the Youtube accounts without even knowing the password... eMails with attachments are always risky, if you're not careful.
 
Last edited:
  • Like
Reactions: atomicWAR and Nis Hollow Enterprises
Apparently this happens through email spoofing. You get an email that appears to be from a legitimate company asking to work with you as a creator, or start some ad campaign, and if you aren't careful about verifying the emailer is the real thing, you can easily fall for it. This happens to YouTube creators all the time, someone just isn't careful, but can happen to anybody in any situation. For example, someone is selling or buying a house and then someone emails them pretending to be someone they are in contact with, and can end up sending money to the wrong party! Gotta watch those emails and verify the addresses actually match whom you expect them to.

Anyway Linus was back up within the day, Youtube was very helpful to him, and he made a video about it. Linus explained how this happened, someone in the office got an email, which seemed to be a PDF, but it wasn't, it was some kind of exploit, so when it didn't open they moved on but the exploit let the hacker copy the whole browser including the session key, so they were able to gain access to the Youtube accounts without even knowing the password... eMails with attachments are always risky, if you're not careful.
 
Last edited:
  • Like
Reactions: atomicWAR
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom