How YouTubers Are Getting Hacked
HTML-код
- Опубликовано: 26 июн 2024
- Protect your browsing with Guardio, plus get a 50% discount with a free 7 day free trial ⇨ guard.io/thiojoe (Sponsored)
• Article about StreamJacking: labs.guard.io/streamjacking-h...
• Article about MasquerAds: labs.guard.io/masquerads-goog...
▼ Time Stamps: ▼
0:00 - Intro
0:32 - The Scam Streams
3:32 - A Good Thing Indeed
5:27 - Speaking Of Google & RUclips
7:23 - The Malware
8:58 - Fake Sponsorships
9:55 - Scams I've Seen
11:09 - Fake Download Sites
12:26 - Some Tips
14:12 - Final Rant
The prevalence of RUclipsrs getting hacked is on the rise, leading to channels being hijacked and taken over, leading to fraudulent streams that present scams such as fake cryptocurrency giveaways. Several channels with millions of subscribers have been compromised. Hackers change the channel's name, profile picture, and even the @handle, which changes the channel URL. The hackers use a type of attack called session hijacking or cookie stealing, which means that they can totally bypass 2FA, then lock the RUclipsr out of their account and even change their password and remove their 2FA methods. Though the malware responsible for this has various tricks to avoid detection and can affect anyone. The malware gets to the victims through fake sponsorships or emails that include malicious payloads.
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
Merch ⇨ teespring.com/stores/thiojoe
⇨ / thiojoe
⇨ / thiojoe
⇨ / thiojoetv
My Gear & Equipment ⇨ kit.co/ThioJoe
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬ Наука
⚠️Here is another video I made about how to DESTROY the scam domains these hackers link to 😤😤😤: ruclips.net/video/0fIUiv9-UFk/видео.html
I think RUclips just got hacked in my subscriber feed there is “Tesla” which I have not subscribed to and it’s a live stream with Elon talking about bitcoin. No one can chat either since you have to have been a subscriber for 15 + years.
I should say that it’s just that channel itself and not RUclips
a few hours too late man they got linus already 😭😭😭😭
@@nerd2544 beat me to it
@@nerd2544 oh I see now rip LTT
you saw that uptick in traffic eh? lol
Hopefully now that it's happening to massive channels like LTT RUclips will be forced to pay more attention :/
Linus has said on Floatplane that they're working directly with RUclips to find out how to stop this for good.
@@itskdog Hope they listen. It wouldn't surprise me if a lot more people are gonna use remote acces keys in the near future to minimize these kind of risks.
Or at least prove to google the account was theirs to begin with if they get infiltrated on an active logged in session.
Linus has a great Team. He'll find a way to fix everything.
Yeah I think LTT is the biggest channel it's happened to so far
I feel that ThioJoe actually provide tech tips that is more important than LTT tbh
Every time I turn on my Smart TV and open RUclips the homepage is invaded by these videos... I believe that RUclips and browsers needs to take more advanced security measures!
Nah that's bc you watch them, but yes, they do need to take it more seriously
They don't care about us .
Stop supporting RUclips
They have no intention to stop it. Why should they, they get money when those play.
@@nflisrigged1395then y u use this platform
ThioJoe, RUclips videos can be downloaded. Can that downloading drop a virus? I finally did RUclips subscription because of ads.
Looks like this exact thing just happened to LinusTechTips. And yea, the powerless feeling as a person who cares about a channel is strong. We have to sit back and watch the hacker delist/delete videos and post their scam live stream while we can do nothing. I can't imagine what it would be like to be the channel owner right now.
Yes but it's finally recoverd
Yes. Like, how can we small channel owners even contact Google support once we got hacked (there is no way to quickly contact them because Google Studio support is, well, inside RUclips Studio). And where / what is the form / method to recover our account? I think someone mentioned there is a Google form somewhere to input to, but where is that - not sure.
This has happened where me and my friend looked up a streaming software and I luckily realised it was fake because it was an ad from Google. Google really needs to stop this
The real messed up part. Some of these people who hijack channels will outright delete videos on a channel. Unless their channel is important enough to be backed up or they have a backup of them. Those videos are gone forever.
This is exactly why I archive all my videos on my local PC and usb hdd.
They actually almost never do that. If they do, the views and therefore the ability to get the algorithm to recommend the channel are directly connected to the videos. So by RUclips connecting a channels view time and ad sense to the video itself, if they delete the videos, then they effectively just got a useless channel.
The strategy now is to private everything on the channel for that reason. Which is a good thing, because it means when people get their channels back they get everything back how they left it.
That is actually not the case, although they rarely delete videos for the reasons mentioned in the comment above. RUclips doesn't delete the videos from their servers, even if you delete them from youtube. I remember that they had tools with which you could get your videos, deleted or not, in the original upload quality. I'm not sure if they're still available, but they will definitely not delete video files from their servers for a good while because of reasons such as these hacks, and they can be restored after the dust settles down.
YT should be able to recover them IMHO, but that might not be the reality.
@@leonro I don't remember the source anymore but I believe someone said that the videos are actually deleted from atleast some CDNs
Sounds like Google could easily deal a crippling blow to the hackers just by requiring reauthentication for the password change request, but they don't/won't.
Sometimes one has to wonder just how much the hackers are paying Google to look the other way.
It's because they steal the password too. They steal everything you saved on your browser and most people save the password on their browser to not retype it.
@@robloxaalexx This RUclips hack/attack steals something much more valuable, your browser's session security token. This isn't the early 2000's where all you needed was to steal someone's username and password. We have 2FA now, a firewalled 2nd generated code that you get via SMS or through an authenticator app if you want to make major account changes, like changing account ownership.
Stealing password wouldn't do anything with 2FA as you still would need the 2nd factor. That's the entire point of 2FA, it's also why the SIM swap exploit started happening to high priority targets/individuals, far easier to social engineer someone at the cellphone provider than to break 2FA. And also why authenticator app 2FA has replaced SMS 2FA for a lot of people, it stops the SIM swap exploit.
With 2FA in play, even if they had access to the channel, they couldn't change account ownership unless they had the 2nd factor. This attack is more an exploit of Google's protocols. For whatever reason, Google doesn't force a 2FA reauthentication for an account ownership change allowing the hackers to completely bypass 2FA. This attack is dangerous because it bypasses 2FA, not because it breaks it.
@@robloxaalexx A lot of times saving the password also keeps you signed in so when you return to the website, it goes right in unless you log out. Amazon does this. It doesn't sign you out unless you sign yourself out. Even the app on the phone does this.
They do ask you to re-enter the account password. What are you talking about?
The hackers steal all the data in your internet browsers, including all of your saved passwords. It's why I don't save my passwords in the browser anymore.
They got me with a pishing scam a couple of years ago but Google sent me a notification that a new device logged into my account and I immediately locked down the whole account seconds later and I changed the password. They did manage to sync all of my mails and browsing history and all that. Google's actually much better than other websites/services when it comes to this kind of thing.
I remember a time when being internet smart boiled down to don't run any .exe or script files from unknown or sketchy sources. Good times.
Now it's that plus relying on multibillion dollar international companies to NOT be completely incompetent in their core business domain.
Seriously? No reauthentication for changing passwords or 2FA settings and no internal process for employees to verify and report hacking and abuse? This is pretty basic stuff that I can't imagine would have significant (if any) costs.
I legit once got a virus trying to download cheat codes for a GameBoy Color game. I know it sounds stupid, but believe me, IT HAPPENED.
That still is the best way to avoid getting hacked. Google should fix the 2FA bypass, but every hack of this style still starts by running an executable from a sketchy site.
@@isaacbejjani5116 i think the hackers are using your own devices to bypass the 2FA without you knowing it. I keep getting a 2FA on every new devices that I'm trying to login.
@@greatveemon2 all they are taking is the session cookie. There's no way to clone your device in the way you've made up in your head.
The correct response here to make sure this can't happen is to require a non-text (SIM cards can be cloned - text messages absolutely should not be used for 2FA), non-gmail email (Google session cookies would mean they should have access to that as well) 2FA to change security settings if you have changed IP addresses.
In other words require one from an account, software, or hardware that those people should not have access to.
I have seen some people (who should absolutely know better) stupidly suggest that they should require a 2FA every time you change IPs but that would just make things like VPNs annoying.
The vast majority of people are not going to be constantly changing their security settings though (and anyone who is has issues that this will probably help) so requiring it every time for that is fine.
SIM cloning and Gmail access are almost certainly what's going wrong here. So if they just require a 2FA that isn't those, 100% of the time you attempt to change security settings when your IP has changed since you last accessed it, there's no reason to suspect that they would be able to do more than minor damage to the accounts they gain access to.
RUclips doesn't care they are making too much money.
Thanks for the warning. Yeah, I am getting a ton of the fake sponsorship emails at the moment
0
What needs to happen at RUclips to prevent this
1) Channel Name Change requiring another confirmation by 2FA
2) Name change for the account blocks live streaming for 1 day
3) If the changed name involves Tesla SpaceX MrBeast hold the account until someone can look at it
Google have to prevent changing password without 2FA/U2F authentication. It is a standard procedure on bank sites. Why that basic "feature" cannot be implemented in other services?
@@Szklana147What makes it even funnier is that most lower budget and importance websites like online games and forums have that feature in place.
I would have 2) be a 1-week wait or so: 1 day isn't long for the scammers to wait, and I doubt many real account holders would be significantly hurt by having to wait a week.
@@andymerrett it's both
What if you lost your phone and you're still logged in? and when you want to change the number and password into your newly replaced phone but the problem is the 2FA is still sending the code to the phone that you have lost? And now suddenly google logged you out and locked your account after failing to enter the 2FA code.
In the short 2 months of this year I've already seen like 5 channels I'm subscribed to get hacked
The second you mentioned the scam site's claim of "doubling the crypto you send them", my mind immediately jumped to the RuneScape gold doubling scam. Glad we're on the same page!
Great vid by the way! I've seen this happen to a number of channels I'm subbed to and always wondered how it happened. Great to finally have some background on it!
It's ridiculous sounds especially a person the doesn't know how to used
Them knew technology.
These tesla live hijacks have gotten really common. I am subscribed to a ton of channels old and new. These last couple of years every 3 months or so I see one of these tesla live streams in my subscibtion box. I can usually figure out whose channel it is from either the about section or the community posts, they don't tend to wipe those. You mentioned that these streams can potentially be up for hours before they are dealt with, but actually I've seen some online for days. Even with channels upwards of 500k subs.
Happened to someone I watched. I didn't know who they were so I unsubbed from them until I learned what the channel was. He got his channel back.
Linus tech tips now
Three of the LTT channels just got hacked with this. Hopefully when a channel as big as LTT gets targeted, RUclips decides to start paying attention to this.
Most likely, nothing will change. RUclips is not run by competent people these days 😢
not likely going to amount to any additional by YT to do anything about this.
@@geraldh.8047 It has been like this for a decade. So it's nothing new
Three of the LTT channels just got hacked with this. Hopefully when a channel as big as LTT gets targeted, RUclips decides to start paying attention to this,
@@Theunicorn2012 Guys don't install Guardio chrome extension it will have full access over your browser, this means they are logging your COOKIES, PASSWORDS, Session Tokens , Refresh Tokens , Access_Token also. I do not TRUST guardio.
Your mention of doubling money in Runescape unlocked a core memory for me. Dude convinced me he had a secret dupe exploit and could dupe any item. I gave him my god staff. He kind of started at me for a minute, perhaps surprised that someone was that damn gullible, and then walked away. I learned a valuable lesson that day.
Watching this because Linus Tech Tips got hacked yesterday and he referenced this video in his latest video.
Watching this because Linus Tech Tips got hacked yesterday and he referenced this video in his latest video.
@@Theunicorn2012Copycat
Linus getting hacked now 😭
Came here from the LTT Shout-out 😁
I was hacked a few months ago using this method; they started spamming crypto-shit with Tesla and Elon Musk, obviously. Fortunately, i was able to recover quick and didn't lose any data. Also, lots of my favourite youtubers have been suffering from this in the last few months, in fact, it happened like an hour ago for one of them. Thanks for the video, really instructive and interesting!
I had to quickly download OBS a few weeks ago on my laptop and now I'm skeptical about downloading from the right source. Fantastic T-T
My go-to is to try to find it from a handful of (what I believe to be) safe download sites, such as cnet, or tomshardware. Some of those link back to the project's website, but that's fine. Preferred, actually.
Did anything happen?
i know you probably wont read this thio, but i just gotta say... please never stop making content. I know the views are down, and you probably invest more time than its worth back in monetary gain, but you make some of the best, most consistent high quality tech content ive ever seen. and your core subscriber base knows that, even if a video has 200k views or 2 million views, it's gonna be of the same quality no matter what.
one day youll be one of the greats. road to three mill.
Amen to that brother 👍🏾
yup!
Sadly, this is not a new issue for RUclips, for this has been going on for several years.
@iii___iii Damn that's a long time. I wouldn't be surprised if it actually started when it first came out.
It's true.
Why would I change a password for this person it's a unique password to
Each in individuals.
How did you prevent this
Thank you so much for all you do for everyone that watches your channel. Hearing about these scams has been helpful to me as my email was hacked. I am watching out for everything now. Thank you
This is the second time Linus mentioned you. He needs to have you on his podcast or do a collaboration video.
You've always been ahead of the rest of hacks and scams. More people need to subscribe to this channel to keep up with the cyber security trends.
No subs let's all rss to remove its blip on hacker's radars.
@@HighestRank was that even English? I have no idea what you're talking about.
Let's remember the fact he used to upload satirical tech guides back in 2015-2017
@@Reed_Peer so?
This is the second time Linus mentioned you. He needs to have you on his podcast or do a collaboration vidso.
You uploaded this video a few days after a couple of channels I'm subscribed to changed to that tesla bs (a few weeks between the two incidents IIRC) and just had to watch it. When I saw LTT channels being affected I immediately remembered this detailed video. Linus and team are also aware of it, but sadly too late. I hope his mention of you on their latest video brings more people to your channel. Keep up the good work
Watching this after Linus Tech Tips account hack is so bizzare
Saw your channel being referenced by LTT so I came over to find our more about how these scams are happening and something that sounds so preventable by having companies retype username and password again for any security changes.
As a webdeveloper, I must say it's pretty dumb that they don't encrypt the cookies including the user's IP (and maby other fingerprints), its pretty basic.
Even if the browser encrypted the cookie on-disk, it would still need to be decrypted at some point to send it to the website, so it can just wait until your browser decrypts then inject itself and scan the memory.
Linus sent me here, glad you are spreading the word on this. Too many creatives are having their livelihoods threatened by this kind of BS.
1:10 that's now Linus...
here after Linus got hacked also (successfully recovered and mentioned this video) 🙂
tbf LTT is also a toy channel, more specifically an RC fire truck channel
Thank you for keeping us informed of those techniques and how to get prevented!
9:00 Before this part, I had a bit of a moment of phobia of digital cookies of any kind, and I thought that's all they needed to hijack you. I was a bit relieved to learn that they didn't become that strong of a threat that not avoiding shady sites and ignoring scam emails can protect you.
For a moment, it was an irrational fear of digital cookies before getting to this part.
So did I.
Just realised i visited one of these taken over channels a few days ago. It was a live stream (and it was live) but realised id seen it before and comments were indeed limited to 15 year members which i didn't understand at the time. Now it makes sense. Didnt watch it long enough to work out their scam
sometimes I miss your trolling videos but like you said you got burnt out on them and videos like this are very useful
i missed this video but came here from Linux Tech Tips who got hacked and referenced this video, giving ThioJoe a shoutout
Definitely an interesting and informative video... yes I am aware of this scam (i watch scam baiting content and this has been covered, and one even got hacked themselves and covered how it had happened).
But you added more detail and is up to date, and reinforces awareness too :)
Which channel was that? I ask because I'm interested in the lessons they learned from being hacked. And what recommendations they gave to avoid it happening again.
Hi ThioJoe, there's another scam as well which impersonates the youtuber and tells you to download signal because you have won some type of prize and what they do is tell you to pay for shipping and you get nothing. Of course, it isn't as bad as what you mentioned but they still harass you constantly.
I call them cirno bots
Because some of them use same number with cirno AKA circle 9
I've encountered a variant of this where the scam account tells you to go to a Telegram account.
@@bitelaserkhalif Mmmmmm cirno bots
I'm a member of a channel that this happened to. He made a twitter post telling us. Plus, I got an email that my membership had been paused so I knew something was going on.
As a retired computer/Windows IT tech, I'm amazed how many people then and now fall for scams!!!! And, it will only get worse.....Great video Joe!!
Not all of us are geeks, it took me a long time to figure out how to get the drink holder on the desktop tower to come out, and calling geek squad to find out how to turn on the same desktop tower during a blackout to use the fireplace screensaver to keep warm until power came back on.
Aren't you just glad Susan is finally leaving who allowed scams to run wild?
@@zelowatch30 Cause the crypto bro that replaced her is going to be so much better 🙄
You got a shout-out from Linus of LTT.
Congrats!
ive seen one of destiny 2 content creator Toadsmoothie get hacked and after made a video about it, he stated a person who he inspired to become a ytber reached to him and aided him step by step on what to do and he got a physical key to his channel and thats one of the only ways he can keep his yt account safe
Apparently two of Linus's channels now
3.
Giving big creators the option to report hijacked channels may backfire. As soon as this new feature would be introduced, scammers could use it as another source to scam people out of their channels. "We've taken down your channel because of a report on behalf of x. Click on link y to be taken to the (not so real) report form", continuing the cycle as compromised channel owners will be like Yup. That's compromised, so that link must be real
Yup, as I replied in another comment, this very practice happens all the time in FB where digital mobs massively report an account so that FB bans it, and it is widely exploited because of the "anyone can report" policy. So putting a mechanism to report blocked/hijacked/owned channels is a bit more complicated than that.
I’ve been seeing a lot of channels I’m subbed to get hacked, thanks for speaking out about this problem
A lot of bigger channels falling victim recently and I was absolutely shocked that the cookies can be used from multiple locations and there is no 2FA prompt for changing the channel name or the 2FA methods. Security 101, you don't allow 2FA to be changed without authenticating.
REally appreciate your well informed educational vids...we NEED this info!!
What I got from reading Jason's response is that it feels like RUclips is so large and the number of people they hire to do all that customer support is also very huge that giving them all access to some form of internal admin system would be a risk in and on itself, or something like that.
You just described what happened to one of my favorite creators that I watch on RUclips. Her account got hacked and she couldn't even get back into it because they had changed her password. I am going to forward this on to her so that she does not feel all by yourself.
RUclips should give YT partners unique "self-destruct codes" that could be entered into a secure Google form or app without needing the account credentials or 2FA. Entering one of these codes would then automatically revoke all active session tokens, reset all passwords and restrict all managed accounts to view-only, notify an assigned YT channel rep (or general YT Support if it's a smaller channel), and _irreversibly deactivate the account and all associated channels for a set period of time_ , say, 24 hours. Having a one-way kill switch like this would allow YT partners to instantly lock out hackers and keep them out, giving them precious time to work with YT to identify the source of the security breach, regain account access, perform a damage assessment, and rollback any channel vandalism if necessary.
This isn't some new concept either. Plenty of websites allow users to end currently active sessions or suspend their accounts, either with a single click or by entering a password. The only thing Google would need to do is make these actions available to their partners in a way that is secure, reliable, and expeditious.
I like this idea. There would have to be some kind of waiting period to change such codes though to ensure the hacker doesn’t just reset them as soon as they get in.
do you have any idea how fast that'd go wrong? if people think youtubers hungery for that sweet google cash is bad now, just wait till that backfires and someone is goatse'd so hard they're pooping out dally the clones.
I got hacked! 7 years building channel, got 77,7k subs, and youtube terminate the channel! wow! I have do everything but they insist my channel have legal/trademark violations, so they terminated it! P.S : THEY KNOW the hijacker that do that, and I'm the owner is innocent. But they say they can't restore my channel. What a waste.
This is a dang informative video, even just regarding to how scams and virusses work.
There are some hackers that spam family guy compilations on the hijacked channels. Very ridiculous.
Web servers should not authorise cookies which are being used from an IP that is in a completely different country. .
This protocol is pretty easy to add. .
I was watching an episode of hak5 about session hijacking. The only way I can think of to get around that kind of attack is setting up your browser not to remember anything. But then you would have to log in every time you access RUclips. Even then. Your session is still saved every time you click on something otherwise it would log you out.
It’s not practical to not store session cookies because then every user interaction with the remote site will require reauthenucation. Probably the best RUclips could do is have a defined set of actions which *always* require MFA like changing the channel name or password.
@@MaxPower-11 Shouldn't even require MFA. Not everyone has that enabled. Should require you to log in again, and MFA if you have that enabled.
@@S_Roach The reason why MFA (vs. just re-entering the user’s password) would be highly preferred in the scenario presented in the video is that if the victim is infected with malware that’s sophisticated enough to steal local session cookies, it could potentially also capture the current (and new) password when it is entered by the user.
Honestly for the time being this world be the only truly effective solution until something is done about this.
Linus tech tips just got hacked lol
This makes me question of Google/RUclips has a security department. Even if it's one person, they should be on top of these issues.
This makes me question of Google/RUclips has a security department. Even if it's one person, they should be on top of these issues.
@@Theunicorn2012 Guys don't install Guardio chrome extension it will have full access over your browser, this means they are logging your COOKIES, PASSWORDS, Session Tokens , Refresh Tokens , Access_Token also. I do not TRUST guardio.
Thanks for this, Joe. Keep up the good work!
Thanks for your insight on this. So to reduce the risk on getting hacked we could also just log out from our login session. Or delete the cookie manually so we have to use 2FA next time. Like a workaround. But ofcourse it starts with not downloading malicious software.
Furthermore it feels like RUclips support team is being (partly) hired or run by external companies. Some support staff don't speak correct English, don't know about their own FAQs and I had to tell them what was in their own FAQ. Especially with chat support.
I saw some videos about the hack mentioned here and read a lot of comments! This is the first time I see mentioning this logout approach...
The local cookie in your machine is tied to a session in the server! If you log out from your machine, that session will stop working and the stolen cookie will have no use anymore! Hacker will not be able to access your account anymore!
Is there something wrong with this approach? I'm not an expert, so I'd like some validation about this. Thanks.
@@takufner As a software developer I can tell you that just logging out from your machine (read: windows log out / shut down) isn't enough. Your cookie is stored locally, and it's stored, so it's somewhere on your PC and remains until you remove the cookie or invalidate the cookie.
By logging out from your RUclips account, the cookie will be invalidated. Or you can delete the cookie manually (and after refresh, you will be logged out).
Or you can use incognito mode, so it doesn't save the cookies and only use the cookies one time.
But thinking about this approach makes me uncertain if it's 100% waterproof. What if you log in again, and at that particular moment the hacker comes in? Then he will have access probably.
My approach would probably not give 100% safety, but might lower the risk of getting hacked. Especially at inactive moments on RUclips (like why would you keep your logged in session open while you're not even using YT that day on your PC).
Even more important is keeping hackers away. My approach is just some theoretical thought of me :)
Are cookies and local storage currently secured in many cases? Or can pretty much any running process access them? If it's used for session initiation/management/tracking/termination, I think said files should be protected by access permissions and/or encryption. Maybe guarded by a credential management account on the OS? No automated access to said data?
Coming back to watch after LTT got hacked, media companies seriously need to implement solutions to solve this annoying problem.
Like what? This the most 90s problem ever: if you get an attachment: scan it with an antivirus first? these days can even use your favorite cloudbased email. gmail, or skydrive or hotmail or what ever else is out their to check files.
LinusTechTips just got sniped with this
This is very important video for each RUclipsr thanks for making this video THIO
Hackers don't just "get in" like they do in the movies, the victim always has to allow them in by downloading a file or clicking on a link. People need to be more careful...
What to do exactly Mate
This just happened to Linus Tech Tips
And now, Linus Tech Tips is the victim to this. I actually had few of my favourite RUclips channels or channels that I subscribe to that had their account hacked to promote crypto, Tesla, or something. Aside from Linus, one channel focus on making satirical VHS videos and one had over 10k subscribers. Fortunately, both eventually got their account back.
On a side note, I am also a victim of RUclips account being compromised, but thankfully, my account did not get changed to promote illegal schemes. In fact, RUclips and Google temporarily disabled that account to protect it from crypto or Tesla hacks. This was one of the most stressful times of my life because my Google account is important for me (not just for you to but also for keeping photos and keep notes), but thankfully, I got my account back.
A+Start just got hacked today using these techniques. One of my favorite channels to watch: gone by some stupid scammer scumbags.😡 Stay safe!
This was one of the most informative videos i have ever watched concerning scams. Thanks so much, youtube needs more videos like this one!!
and now LTT is hacked by the same guys
I'm very worried for all the channels that don't get brought back.
I wonder why scammers are targeting content creators. what I am learning from your video is that we need to be really careful about the sources of the files we are trying to download from the web
5:45 I love how the man is just slapping his laptop like that's gonna do something 😂
Who came here after waching Linus channel hacked?
I had this happen to me and I lost thankfully only $130. All my passwords and accounts were compromised and thankfully I knew pretty quickly what was going on, so I changed all of my account's passwords. (Had them all in an excel). It was so strange to see my youtube account posting tutorial videos, and quite scary.
It could have been a lot worse, Don't download sketchy things!
Use a local password manager. Like KeePass or something.
@@kunka592 That would be wise and probably easier, but I enjoy being able to store other stuff too (eg. 2FA backup codes & such)
Or you could just simply not shill garbage to people.
You know who this wouldn't happen to? People that only work with products that they actually know meaning they're far less likely to be caught up in this because they'd already know the signs that it's a scam.
If you're willing to shill random things for money you deserve to lose everything.
I've seen this before, same as you said. They receievd a sponsorship email, clicked on the link and the hacker changed the channel name, banner, locked out the owner of the channel and put every video on private. The hacker started a live streamed untill it got banned by the utube AI. Crazy part is the Channel owner was not responsible for the hack, hes assistant who had a been added as a secondary owner was the one who clicked on the link. After sone time the issue was resolved but in the meantime when people see a channel name who they do not recognise who streams crypto stuff people unsub.
Thanks so much for alerting us to these tricks. You do it well and it is appreciated.
Found out today, someone tried this on me. They failed as I am a tiny channel and it really was not relevant.
Here from LTT. Learned some really useful stuff today, thank you
Finally, someone speaking in detail of this.
What else is left to talk about? Comment bots, scam bots and now this.
RUclips needs to do something, pronto!
thanks very informative liked it bro love you does this attack the small channels ??
The cookie thing makes no sense to me because the website can still check for the IP and browser ID. There can also be ways to identify a device, to see if it's one that was used before or not. Lastly, settings should most definitely require verification. I definitely agree with the end of the video.
There is not really such thing as "browser ID". We wanted to remain anonymous, ya know.
@@johncoops6897 There is if you look it up. But outside if that, haven't you seen "Trust this browser" or "Trust this device" before? There's all sorts of tracking methods, some of which have existed for over a decade. There's even new technology being developed to rely less on cookies.
I watched this a month ago, can't believe LTT/Linus would be one of the latest victims.
I'm also a victim of this last year.
I watched this a month ago, can't believe LTT/Linus would be one of the latest victims.
I would like to see an update where there are the options for following, and the user can opt in -on a slider or something like windows UAC-thinking about the most stricter options (and branded as heck as the handles were):
-If you want to comment you have to give your password once a day (minimum time-value, can be longer auth-ed period),
-If you want to upload, or stream give a 2fa confirmation, every time (eg because of mass upload listings or preparation: 1 hour cooldown, when the system asks again for it (running stream auth.-ed)
-If you want to delete, or change anything serious (name, handle, profile pic, videos etc) full 2fa.
The modifier of this switch behind a full login+2fa.
I bet many of the stolen channels' creators would live with these options. For a normal youtube consumer not a real issue.
Thio with the Runescape acknowledgment - the _exact_ same thought I had when I first heard people were falling for the "doubling your money" streams.
More people need to develop a crippling addiction to MMORPG experiences so this can all be avoided.
If Google and RUclips are very serious about the safe of their users then they should start to take down these channels before user click something that malicious or a scam.
I'd like a copy of Being Skeptical As Heck 2023 Pro 3 year edition please
Which brings us to a paradox, as many legit companies don't check their communication to see if it could be perceived as spam. I once ignored a legit sms from a collection agency because it had a spelling issue (the collection itself was an error in their system).
I remember one of my favorite channels, Joel G, got hacked by a testla crypto scammer. I'm glad he got his channel back but I saw a couple of other channels I'm subbed to got hit by them too, some luckier than others.
Just seen 1 of the channels i follow has been Hijacked by Crypto, channel name was mickeybeam, they uploaded music videos. Now Renamed to @Teslatwitterstreams_ 😨😨😨😨
I check the community post tabs to see what the channel once was. Usually that stays when the videos get wiped
If you’re using any browser in Linux, Google does ask for the current password in order to continue with sensitive changes.
I think it will ask you for the current password every time if you’re logged into an account under incognito mode, which in this case would be the bare minimum.
Exactly , that's what I thought , this only affects Windows users then.
@@AkiraElMittico - Rubbish. It has nothing whatsoever with the operating system.
So if the hacker that has compromised your account and is now trying to make sensitive changes _isn't using Linux,_ it's useless.
Doesn't make any sense. This isn't related to operating systems.
Here after LTT got hacked and just got back up. Gonna keep this in mind, eternal vigilance and skepticism.
Many thanks for alerting me to current scam techniques. Like you I am a skeptic to the point some might say of being paranoid. But my roots in taking care go back a long way to the days of 8" floppies. Backup, backup, backup was the battle cry of the day. It still applies but malicious web-based attacks are a whole different ballgame. When I first learned to program it took little time to realize that the only people who control computers are the people who write the programs that run on them. So again, thankyou for taking your time to bring modern gotchas to te attention of anyone who cares.
The first thing that comes to my mind when I hear a channel for hijacked is UTTP
Btw what happened to the audio track feature?
Saw those same fake Elon live streams a few days ago and was wondering what was going on. Thank you for the information!
A couple RUclipsrs I watch were hacked in this way not too long ago. It turns out the hackers didn't mess with the community tab though, so I could figure out who it was that way.
I saw a comment about using a hex editor but that is kind of "difficult' for a regular user.
Another way to remove that empty space that makes the file larger is to take the exe and compress it, once it's compressed without a password you can upload it to virus total and check it.
The malware regularly has a password to avoid getting detected.
Now nexus gd got hacked...
Tech tip from Linus: Watch ThioJoe 😂
6 years ago this wouldve been the worst tech tip ever lol
@@pizzaboxer I love the old ThioJoe. He was so funny LOL.
Yea bro , I agree with you , I had a youtube channel of Windows TIPs and had around 50k subs but it got hacked . Tnx for sharing the news
That a session hijack can allow the hacker to change passwords, 2fa, delete videos, create stream keys... is brutally big BS.
how's is it BS ? lol ?
i've done it tried it on my friends, i distributed a exe netflix account checker, many people thought it was a real account checker that will getr netflix accounts
but instead it logs everyone cookies, passwords, etc , even their files and were uploaded to me on a webhook discord.
This is REAL dude.
Who's here after the LTT hack?