Apparently this happens through email spoofing. You get an email that appears to be from a legitimate company asking to work with you as a creator, or start some ad campaign, and if you aren't careful about verifying the emailer is the real thing, you can easily fall for it. This happens to YouTube creators all the time, someone just isn't careful, but can happen to anybody in any situation. For example, someone is selling or buying a house and then someone emails them pretending to be someone they are in contact with, and can end up sending money to the wrong party! Gotta watch those emails and verify the addresses actually match whom you expect them to.
Anyway Linus was back up within the day, Youtube was very helpful to him, and he made a video about it. Linus explained how this happened, someone in the office got an email, which seemed to be a PDF, but it wasn't, it was some kind of exploit, so when it didn't open they moved on but the exploit let the hacker copy the whole browser including the session key, so they were able to gain access to the Youtube accounts without even knowing the password... eMails with attachments are always risky, if you're not careful.