Thank you ALL for your constant support! And thanks to dbrand for sponsoring this video. Use code FIVEFOOTONE at shortlinus.com for 15% off everything site wide. ► GET EXCLUSIVE CONTENT ON FLOATPLANE: lmg.gg/lttfloatplane ► GET LTTSTORE MERCH: lttstore.com ► GET LTX 2023 TICKETS: lmg.gg/ltx23 ► SPONSORS, AFFILIATES, AND PARTNERS: lmg.gg/partners ► OUR WAN PODCAST GEAR: lmg.gg/wanset
As someone who had a channel deleted (albeit in a different way), I sympathize. Glad Google had your back and I wish they were as responsive for me (took a week, but at least they restored it). - It's good to own up to mistakes; others will learn from this - Perhaps link to the advice you quote in the video and not just a shout out to ThioJoe? Keep up the good work.
I agree with you GreyAye. This is an impressive display of emotional intelligence. Managers and leaders everywhere should take note. This video should be featured in classes at universities teaching the subject. Linus is a role model in this case, FOR SURE.
@@jeremy-b Linus clearly said it's as much as a problem with RUclips as with his company. Also with your logic even TFA shouldn't be a thing, because "dOnt LeaK yoUr pAssWord gUys".
Almost happened to me but caught quick. Then a month later it happened to my cameraman who has a small passion channel. I felt so bad but used my size to help him get it resolved quick. It shouldn’t be like that, smaller channels are just as important and should be able to get help quick. Let alone the amount of poor people who got scammed
Thankfully the hack was resolved quickly, thanks to you! You are a true friend I feel bad for small channels who get hacked, they just get wiped off the face of the earth and replaced by Elon Musk NFT Bitcoin Tesla Free Double Bitcoin streams.
As someone in the cybersecurity industry, thanks for being so open about what happened, and bringing awareness to the technical elements involved. It CAN happen to anyone, what really matters is how you react.
Dont pirate tools and redline won't come to meet you :D Who takes advise from this fool anyways, got a team behind him 1000s of pounds of kit and the noob gets cookie jacked hahaha
What do you think of time of day based functions being limited and requiring authorization by 2fa + offline scanned paper laminated qr code with a 7089 digit password? Sure, the cell carrier can be socially manipulated to enable a 2fa vulnerability but you can't hack what is akin to a cold crypto wallet that is offline.
They should send the PDF to some security researchers, if not the community (with a warning that it's live malware, of course). Getting current samples for stuff like this is huge for establishing ways to defend against it or identify it.
I love how DBRAND jumped at the chance to completely troll Linus in his hour of need. Whomever is in charge of their social media must be an epic troll.
@@HunterVibez lets be real English is broken glass full of small particles none of the particals are perfect and it cannot be molded to be perfect for everyone so just mold it to be perfect for you and make it understandable for others
@@HunterVibezidk if I'm an idiot but whom is the object form. wouldn't that be "Whoever is in charge" seeing as in this case "Whoever" is the subject?
Man, my guy was so focused that he forgot to put clothes on. So much dedication to the channel. We would’ve felt the same, and were so glad you’re back.
Another problem is that Windows likes to execute code from a non-executable file extension. It shouldn't execute ".pdf.exe" or ".exe.pdf". If it does anything, Windows should call the PDF software assigned to the PDF file extension, not execute the file and let it do whatever it wants. I wonder if this virus will get named LTT for worming its way into the LTT office.
That's not even the biggest problem. You can have unicode characters in file names. Seriously. Who wants a smiley in their file name. It also allows for the left to right override to exist. Which is also an huge security issue. But the actual worst part is that .lnk file extensions don't get shown. They can easily just download the malware via powershell and run it. Which is why I currently don't have the command prompt or powershell on my system. I only place it back when using sfc /scannow or when I just wanna use the command prompt.
Tremendous respect for Linus for not only the transparency around what happened, but the strong leadership of saying "this is ultimately on me and not the employee who made the mistake that allowed this to happen." This is what being a responsible boss looks like.
It's just common sense. You have to expect people are idiots (and some phishing can look very realistic depending on the situation). I work in it security and happened to click on phishing link because it really looked like related to some internal processes. Even with awareness you can never be 100% phishing resistant.
@@bencze465 i recently got what i belove was a scam sms from my insurance company, 2 months later i got a call and turned out it was really from then i was way past the paying date
you can really tell this man has had a rough day, starts out by stopping a cyber attack and finished by spelling ONE O-W-N-E. he's completely tapped after today, truly an inspiration.
dude is incredibly bussiness minded. Found out that people were stealing his videos and posting them on a mainland Chinese website so he contacted and hired them to make official translations of his videos and post them over there legally. If you guys search for his reaction video to Chinese pc setups, you'll find him talking about it over there.
I really appreciate you verbally clarifying that no disciplinary action will be taken against your employees. Whoever it is, their world must have come crashing down when they realized what they'd done. I wouldn't be able to sleep at night. Being a calm, understanding employer is something the world needs.
even then, how some of these scams work is by the scammer pretending to be a legitimate sponsor, with either a spoofed or faked address and a link to download some info on the sponsorship deal/contract, which is actually a Trojan horse that then uses your computer to hack the channel.
My 33k sub channel got terminated 3 months ago with the same Tesla scam. It took a week to get out google account restored but we still haven’t gotten anything other than “it will be reviewed” on our YT. Very frustrating
Honestly, I think it will take him a while to recover from this. Not just because of his 10+ yrs worth of work gone for a day, but also because all unlisted and privated videos are shown for an hour. Enough time for some people to download all of them
"Shit rolls uphill" There are a multitude of reasons you and your team are so successful, but this statement on its own is most certainly one of them. That mentality CANNOT be overstated. Bad stuff inevitably happens to everyone, but good things happening to good people makes it all worth it. Thank you for sharing, Linus.
This isn't a mentality you can teach. Great leaders will always fall on grenades for their team. Even when, objectivity, the team is truly at fault. They never seek blame; they seek resolution.
As a software developer, I really appreciate it when a detailed breakdown is given like this rather than just "my PC got a virus, then my RUclips was hacked". So to say thanks, and of course for getting the channel back up in such short order, I went ahead and ordered some goodies from dbrand using the affiliate link 😁
Linus being more or less calm and taking responsibility for his employees' lack of training is refreshing and a sign of a great boss for the long-term. He realized that his org needs more help in training and prevention, and takes ownership that the buck stops with him. Kudos on handling a super stressful situation with naked-grace lol.
If you wanna hear about when Linus went off the deep end, look up the clips from they’re podcast of when they moved his furniture. It’s nothing bad. Linus is about as wholesome as you can get as a boss
The best company I ever worked for, had a similar thing happen to them. A phishing scam to accounts and £48,000 lost in minutes. No repercussions against the employee, apart from their own self imposed trauma, just a re-evaluation of process' to avoid that and similar events from happening. A good management team learns, a bad one blames.
@@Youchubeswindon But in the case where it is drilled in to employees heads and they still fall in to such a trap, they should definitely be blamed.. most companies do make their employees aware of phishing and similar scams, malicious emails, it's pretty basic stuff. If you're not competent, and they could replace you for someone who is or might be, that's what a successful business needs to do.
@@otallono I don't think thats a good way to see the situation. If you owns a big company you MUST provide excellence training for everything is important in there. Social Engineering is something really underrated, as phishing and other hacking tools aswell. There are ways to hide malwares even in images, so yes, you need to make sure every of your employees, mainly those who have enought access to cause a problem, knows whats he is doing and to recognize problems when them happen (ie: if Linus' emplyee had noticed the redflag when opening the malicious file, they could act fast and solve the problem in its root)
This same thing happened to me and since google took forever to verify it was actually me they said “we don’t have data from your channel that far in the past” I was so confused because I contacted them as soon as I seen my channel changing. And I worked so hard and just hit 100 subs in the channel. Now I have to restart with this channel and all those all nighters and skipping hanging out with friends was a waste.
Imagine losing your whole channel, and within 24 hours you have a professionally scripted, shot, and edited video, detailing the whole thing, full with sponsor and additional topic notes. Congratulations on getting the channel back up and running so swiftly. I wish everyone involved a very nice long nap and weekend, and a very satisfactory salary. Good job! Looking forward to the WAN show!
Idk man if you're a tech guy and you believe that elon musk is hosting a stream on LTT's channel and doubling your bitcoins, you deserve what's coming to you tbh... I mean come on, that's some runescape-level scam.
What's wild is that this can happen to literally any of us.. but when it happens to us, we (the average person) probably won't ever get our stuff back because we're nobodies in the grand scheme of things.
Admitting that it was lack of training and not just the lower tier employees fault speaks worlds about how good of a leader you are. Been a long time subscriber, since the days before the office existed, and it’s been good to see you stay humble and treat employees as equals rather than numbers.
I agree. I've only caught 5-6 videos in total from this channel, and I wasn't subbed before now. But anyone who is in charge of other employees and can acknowledge the true issue and work together with employees to prevent the issue in the future, instead of just firing the employee, has my respect and my sub.
actually went to their site to by something. Realized i fix all my stuff so it is all old and Dbrand got nothing for them. Got a REALLY good laugh browsing their stuff, i can actually feel it in my lungs. I am going to get something the day i actually have something that works with dbrands stuff
Kind of amazing to see that you've got yourself to the point where you could post this calm analysis and reflection already. Lots of good stuff in here - especially: Get a breach response plan together - it doesn't need to be all that complex - (Prepare), Identify, Contain, Eradicate, Recover, Review. Knowing that you know the steps to work through is a HUGE benefit when you are up against an emergency. Your considered approach to disciplinary action and further training. The person who slipped up this time is now *far less likely to do that again* and may actually be an asset in working to prevent future breaches. Battle Hardened.
Huge respect for taking accountability and pledging to train newcomers instead of blaming them and taking disciplinary action. LTT seems like a great place to work - keep it up, very mature leadership :)
This happened to us last week due to a virus on the computer from one my kids, where my session was indeed hijacked, my google account taken over and my band's youtube account to run a Roblox scam (tricking people into into downloading a Roblox mod that had the same virus in it). Last week was really stressful, happy to have my account back now. I will say though that the way to get proper youtube support is really, really bad...
The most impressive part of this video is the line: "Shit actually rolls up hill" in the organization. So many teams play the blame game of "whose fault" rather than take responsibility and build processes to learn from real mistakes and prevent future ones. Super impressed to hear that.
my favourite is the companies that say this UNTIL something goes wrong and you find not only does shit roll downhill those downhill get blamed for any thing they can't quantify.
Thank you for turning a terrifying event into an educational video! I am glad that everything worked out and this community's response was just as incredible 🎉
I have empathy but I also have more empathy for the sole sysadmin they hired only in January, someone who probably has been pulling their hair out trying to improve security in an organization full of people who are usually the most dangerous, the tech nerds :P
@@Redhawk_CS Yes, everyone needs to treat security as they would a fire drill, and practice what to do when it happens. The most obnoxious part about security is most of us have at least 50 accounts that all work completely differently and have unique security policies/changes in place. Security is in nowise standardized so what you might do for a Google account can be completely different from say a Microsoft account, or some random other website that implements their own security practices. This makes training for it hard, when you essentially have to have several if not hundreds of different types of accounts that work differently from each other. Perhaps its going overboard to expect individuals to do this for every personal account, but at the very least we should be practicing this with the accounts we use for our businesses and livelihoods.
Glad you got this sorted! You can actually disable all forms of two factor other than a security key by enrolling in the Advanced Protection Program. I’d highly recommend all RUclipsrs do so. There does need to be changes for this type of thing though. Even to start there could be more limited channel permissions, it would be a quick change but go a long way.
I wish there were a few more simple things in place. IP lock for the 2 or 3 places I actually upload from (selectable by me). Behaviour tracking (like, hmm, this doesn't seem like you is it?) That kind of stuff.
RIGHT MY MICROSOFT ACCOUNT GOT HACKED AND I SAVE ALL MY PASSWORDS BUT IT CAME FROM RUSSIA BUT APPARENTLY THATS NOT SUSPICIOUS AND 200+ ACCOUNTS GOT HACKED including the one I’m using the write this comment it’s so ridiculous…
@@smithcrossland441 Bro I got hacked from Vietnam of all places both my old emails I don't use, my facebook (got the facebook back but don't know enough information about the activity on my old hotmails to get them back), NO MICROSOFT I AM NOT IN VIETNAM lmao
@@cruxiaercreations8578 Don't be an idiot, PDFs can't do that. He had his file extensions hidden and thought it was a PDF in a fking TECH COMPANY lmao.
Dbrand is like that friend who constantly teases you but would get in a fight to protect you. Glad to see the channel is back & thanks for being so transparent
At least you got your channel back. I lost my channel permanently after it got hacked, I think it had a name change too. Ever since that incident I started using Security Keys.
five foot..owne? hmmm I'm seriously glad that everything turned out to be okay for everyone at LMG. Amazing job everyone in response to this. Looking forward to more content in the future.
I'm most impressed by your willingness to turn this into a teaching moment for that employee rather than pursuing disciplinary action. It really says a lot about the work culture you've been able to build at LMG.
00:00 Linus Tech tips channel hacked and used for cryptocurrency scam 02:10 Two-factor authentication has vulnerabilities. 04:08 A malware attack can steal session cookies and login credentials from locally saved login details, by taking advantage of browser sessions. 06:08 File extensions should be double checked to avoid cyber attacks 08:00 Google's lack of communication during crisis causes frustration and opacity 09:42 Changes needed for improved security options on channels. 11:26 Online banking websites usually invalidate login sessions in a few minutes while social media platforms tend to keep them active for longer, potentially leading to security risks. 13:12 dbrand helped LTT recover from a hacked account and sponsored a video Crafted by Merlin AI.
Exactly this, I know of two that suffered the same fate, from the same vector of attack, but only restored their channels because of others in the RUclips partnership program
Unpopular opinion: What is RUclips supposed to do? There have to be like two billion accounts on here. Are they going to hire 100 million account managers?
@@yrobtsvt They dont need to hire account managers. Just revert that account to a previous state, invalidate the session token by forcing all devices to log out and change the password.
@@yrobtsvt Or come up with an actual ticket system so people can at least get their problems looked at eventually rather than relying on friends and Twitter? Or some better security features? You're talking like it's unreasonable they would have to actually help their users just because of their size. Even the biggest corporations in the world have customer service lines where you can call and get help eventually.
@@Toastybees To point out how it's entirely possible to implement something like this, Steam support used to take IIRC about a week to get back to you. I remember because my account got locked in 2010. But once they did they were very prompt about helping me. Was it really annoying it took so long? Of course, but it's far better than nothing, which is what RUclips creators seem to typically get. And if a smaller company like Valve can offer such customer service (they're actually far more prompt now days), then a monstrously huge company like Google has no excuse.
I love the honesty and sharing with us that your organization also got hacked (just like many big organizations). Theses tips are extremely valuable and should be implemented by everyon.
It makes me really have some respect for Linus that not only did he not blame that employee, he said there would be no punishment or reprimand. What a class act
I love how Linus puts in the fact that no one is getting fired for this and that it was simply a matter of the knowledge his personnel has and actually takes accountability for his own mistakes. Really goes to show how good of a boss he is and that he's willing to take responsibility and better train his employees so things like that don't happen again. Props to you Linus 🙏
Nah it was the loop hole in the system 😞. If they use different email contact than the one that linked the youtube or maybe use 1 special computer to check the email only shouldn't that be resolve? The internet nowadays getting scarier with only opening PDF or any untrusted file can just copied our stuff in the background
He says no one gets fired, but he obviously didn't have proper anti-virus like Sophos or Webroot on his employee's machines, so even if someone did click on something dumb it's his fault for not properly security his devices. Linus has the security know how of a home user, but at least he does seem to be a chill person. He should hire an IT professional to oversee his environment and save some headache... Or maybe he is happy stuff like this happens because it gives him things to make content about?
It's like you need a separate computer with its own address to be in contact with sponsors , totally isolated from other computers . Yeah its a pain in the back , but when there is no access ever made to the creative part , there is nothing anyone can use .
@@pete_lind hacked by downloading a file. That no one thought about that... That trick is as old as computers itself. Seeing my work tasting it's employees on it regularly. But yeah besides the extra security. Separating prevents a lot. Excellent tip in general, even it's just for yourself,
those who blames mistakes are fools Linus know that, so instead of punishing the guy who made the mistake he uses it as a learning factor to better secure and improve the company
@@pete_lind We have that in our firm, actually a cheap setup but a pain for us employees ... we can´t goof around in the internet. I have no internet access, I am only allowed to use the software intended for my work plus the fact that the server my work is stored on isn´t connected to the internet either. I think we only have two computers with internet access and they are both strictly regulated .... and we are nobodies in the big picture. I think my boss is paranoid.
I've never had a job where shit didn't roll downhill, I think shit only rolls uphill in tech because the people are smart enough to own responsibility. In Healthcare it is all about liability which leads to fingerpointing and the people at the bottom take the blame for failure even when there is poor management and lack of training
@@elijahdungan3612 Haha, that's a very interesting take on the healthcare industry. That means the only ones who rise to the top are the ones who manage to keep themselves clean. Ofc, nobody is perfect, so who did they blackmail to get where they are? amiright?
Publicly stating that, no matter what who or why, sh*t rolls uphill and taking that responsibility is an impressive thing and just adds to the respect you have as a boss. Kudos.
Not just as a boss - but as a business owner, as a content creator, and so on. That willingness to take ownership, and ask "what could I do, to improve the situation" is such a good attitude for becoming successful.
Five foot oWne! You've really had a long day Linus! This was quite a shock to hear about, I was quite upset as I've been a fan for many years now & loved the content. I'm glad you were able to resolve the issue so quickly without any long term damage or loss of content. Thank you for spreading a bit of awareness & giving some tech tips to help others try avoid the same scam.
I know I’m months late, but good job getting this under control. Good job admitting where you went wrong, and I completely agree that these companies need to offer better security measures. For example, my bank (yes, my BANK) doesn’t even have MFA as an option.
I'm a security data scientist for a bank, which most of the time makes me feel pretty paranoid about the level of care I take when dealing with digital content, but stories like this make me feel a little less crazy.
You should get even more paranoid depending on your levels. Keep your nogging working and thinking about ways to avoid trouble. (Of course, only if you can deal about that. No use stressing over things you can't deal with.)
@@mattsopiratoso790 Oh I have to be plenty already. I don't know whether it's because of my job or just really advanced data mining, but I've had emails and texts sent to me that used very tangential details about my life to sell the illusion, and my employer has told me straight up that they've found bounties on me and my whole team on the dark web. And I don't even have any real power or anything lol. I'm just a convenient potential entry point, like a lot of others. It's creepy to think about, but that's where we are today. The sophistication of black hats has increased to an almost unbelievable degree.
@@jamesstack7237 Oh come on now, some of my best friends are sys admins 😁 Actually, I would think your value as a target would be even higher than mine. My code runs over sensitive datasets, but I myself don't even have access to them. Typically I only have access to extracts in dev and it's our devops guys and gals who have access to silver and gold that place my code in production.
Glad you’re back! It’s great that RUclips can restore the channels. As few people as possible should have access to the admin privileges of the channels. It was amazing to see those super chats warning people! I’m glad it’s all sorted now. Welcome back ❤
You can see how much he cares about the organisation by the emotion in his voice, especially when he expresses his gratitude. No wonder he turned down 9 figures for it all - this is his baby and he cares about his team. Even had me a bit misty.
My account got hacked a few weeks ago. I've reset my password, but I still log on to my email everyday to see hundreds of vague sent emails which I obviously did not send to people I do not know. I've changed passwords several times but the mass emails is still been sent... Right now I'm tempted to deleted the account but I don't want to loose my RUclips channel. Can anyone please help?
His family weren’t taken hostage - Jesus Christ you fucking nerds make stuff like this seem like the apocalypse. You gonna say he got PTSD from it next?
The fact that Linus and his team were dealing with being hacked and still managed to crank out this long and in depth of a video that's well edited is seriously underappreciated. Big props to the team for filming and the crazy fast editors for this video. Glad you all were able to get the channel back so fast.
One of my friends worked on his channel for over 5 years and had it going good. Later it was hacked by someone in Bangkok and Google never responded to his emails because he was only at about 100k subs I guess. Not a big channel but 5 years of work all gone! Google needs to do something about the lack of service support.
So impressed by this response. Explaining what happened, taking responsibility and not just blaming subordinates, making constructive recommendations, and showing gratitude and grace. Masterclass in what I’d want to see in leadership.
Ah yes, O-W-N-E = ONE. Glad that your channels are fine. I didn't hear about it until now but it's great to know that the LMG crew still has channels to create awesome content to (:
5:47 , OMG this same thing happen to me. I was downloading a mod for a game, then the file kept closing and wasn't running. So then I decided to uninstall that mod. The next day all my accounts were hacked, Epic games ,google, riot games, steam and twitch. The only thing they did was change my Epic games email. When I manage to get all my accounts back they haven't stolen anything.
Session tokens should be reconciled with IP address. Google engineers have just prioritized inflating engagement KPIs cause that’s how they move up in the organization.
@tayzonday would that make not make it less secure since it being stored locally like it is right now means that they would need an in to your device, but with it being linked to IP they would be able to get that info by just finding and connecting to your IP address? I am just asking I'm studying Compsci in Uni so I was just wondering
@@partsonmutambudzi386 session token being linked to IP address doesn't mean the IP is used for authorisation at all, it means the server checks if the token corresponds to the address the request is coming from, and adds additional authentication measures if there's a mismatch
The fact that Linus was naked, got out of bed, and thought of nothing else during this trying time, shows a lot about his dedication and focus on his work/channel.
@@righteousone1 true cause everyone knows when you get some money your problems are invalid and things can never be "rough" for you since you don't work in the coal mines breaking your back
@@Theharrizable Linus is probably a great boss but no one is perfect so I'm sure he has his short comings and as with every leader there's always something to talk about
"Shout out to Steve from Gamers Nexus for alerting me at 3am." Can we all agree that this was worthy of a little bit more attention? Out of all the staffers that Linus has working for him, out of all the sponsors Linus promotes on his channel, and out of all the people that have his cell number or know someone that does, who is the one that alerts him of the hack at 3am?... a competing youtuber. Mad respect Steve.
Steve is in a different time zone. Yes, they're competitors, but tech tubers always have each other's backs. Also I don't think any sponsor or even all of the employees have his personal number, and I'm sure Linus has to have his workphone on silent at night. Don't get me wrong it's great that Steve did this, but I wouldn't expect any less from him, nor would I blame anyone else with Linus's cell for not being there first.
you understand it was in the middle of the night, right? People were sleeping. How would they know? Personally I only knew because I woke up at that time and i'm in a slightly different time zone. Had it been the middle of the day or a few hours later it would have been seen a lot sooner. FFS Linus himself didnt know since HE was sleeping too...
People think it’s a joke but Steve is actually tech Jesus, sent to us from above to do good for all of the community. Joking aside, you’re right, but I’m not at all surprised it was him who got to Linus first. Dude is a rock star.
That isnt even the only security issue with all this, there is an even more stupid one that RUclips hasnt fixed! There was also an hacking attempt on our channel 3 months ago from the same ppl, but i was able to prevent the hack. However in our case RUclips couldnt restore the Google account the channel was associated with and had to transfer it to a new one. The reason for that is, when your Google account has an email address that isnt Gmail, Google allows you to change that without 2FA. Even worse, once a gmail address is attached it is permanently locked forever and can never be changed again! So after locking out the hackers, we filled out the form and waited for YT´s answer. 2 days later there still wasnt any email, so we asked our MCN and they said YT had answered us 2 days ago. So where was the mail? Well turns out YT had emailed all the info to the gmail account that was associated with the Google account. They basically sent all the info to the hackers and not us..... So the only solution was to transfer everything to a new Google account with the old one belonging to the hackers now :P For more detailed information check the community tab of our channel where more details were posted :)
@@MikeLitty69 Oh im sure they can but its prob just easier to tell the channel owners make a new account and we can press this button and send you all the info there. They prob dont want to go through that old account and filter out all the bad links or uses that may be linked to it now.
I'm admittedly extremely envious of how fast your account was resolved. I mean, I get why - but for me, it was over 2 weeks of no channel and no idea what was going on, because the youtube team had next to no helpful responses the entire time. welcome back (and welcome to the hijack club)... maybe this will put more of a fire under RUclips's ass? probably not
Imaging RUclips being run by one of the biggest tech companies that has direct control over the one browser engine used by most of the leading web browsers. I am puzzled.
@@sarowie I find it particularly weird because, while all of my tokens were hijacked, youtube was one of the only sites where they *actually* gained access. Everything from facebook to evernote to yelp to coinbase realized something was up and locked my account. Meanwhile, my entire google account was just like "nah, seems fine".
i had a similar hack done to me in december 2021, i had about 800-900 subscribers, i had my channel back in less than 48 hours, youtube's process is very good and works for smaller creators too
DBRAND...Like a bestest friend. Always pulling jokes, poking fun and doing crazy stunts just to keep your life interesting. But like a true friend is always there to help. We can all use a friend like DBRAND
The fact you are sitting here willing to make a video teaching even after someone attacking your livelihood speaks volumes. I think it goes without saying this is why everyone loves this channel in part. Regardless, how much money you have made it takes a certain type of person to sit here and give back after that. Thanks Linus ~long term subscriber
This is why he has a successful company and we don't. If this happened to me, the last I thing I would do is to make a video that I could also postpone to tomorrow.
Might as well channel all that residual adrenaline into a short PSA. Still, that's an impressive turnaround time considering all the scripting and editing that went into this.
I really feel for you, as someone that had to play "Log in whac a mole" with a IP address logging into all my accounts from RUSSIA a few years ago it is truly devastating. I was never concerned with online security until I got hacked and all my accounts even a roblox account I forgot about was stolen from me in a matter of minutes. I was at the store getting groceries then all of a sudden I got new login notifications from all my gmails. Now I have 2 factor on everything. Not after playing log in whac a mole with a ip address from russia for 3 days straight .
I would love to see a follow up analysis of the infected PDF. I think it would be a useful tech tip for viewers, particularly if you work in an office environment which is where this kind of attack would be more likely to happen. Glad you guys came back so soon.
Yes! Also a deep dive to where the info was send etc would be a good watch, collaboration with @JimBrowning or @markrober ? Would make good content i think
Thank you for not blaming Colton. He probably feels bad enough about it. But I'm glad you fixed it easily. And thank you to Stephen from Gamer's Nexus, you really had Linus' back. His buck naked back
Thank you ALL for your constant support! And thanks to dbrand for sponsoring this video. Use code FIVEFOOTONE at shortlinus.com for 15% off everything site wide.
► GET EXCLUSIVE CONTENT ON FLOATPLANE: lmg.gg/lttfloatplane
► GET LTTSTORE MERCH: lttstore.com
► GET LTX 2023 TICKETS: lmg.gg/ltx23
► SPONSORS, AFFILIATES, AND PARTNERS: lmg.gg/partners
► OUR WAN PODCAST GEAR: lmg.gg/wanset
Never been 17 seconds early 💀
LOL
So who did this?
Hi
@@Nitsua_YT same lol
Tech tip: don’t get hacked
Solid tip, bro.
Yes
Thanks bro
Tech tip: never use any tech, how are you gonna have any problems with it then
Nice tip my brother
As someone who had a channel deleted (albeit in a different way), I sympathize. Glad Google had your back and I wish they were as responsive for me (took a week, but at least they restored it).
- It's good to own up to mistakes; others will learn from this
- Perhaps link to the advice you quote in the video and not just a shout out to ThioJoe?
Keep up the good work.
oh yeah i remember you took a loooong time to get your channel back that SUCKED
There should be a club of getting your channel deleted
Jim
yooo jim browning!
Jim!! 😍
Most impressive part of all of this is how the company took responsibility instead of throwing an employee under the bus like SO MANY OTHERS DO.
surly his wife help him to understand that.
@daveballsack2038 he meant LTT not blaming the employee. Not RUclips helping Linus
How can they possibly fire Linus. This channel is literally named after him.
I agree with you GreyAye. This is an impressive display of emotional intelligence. Managers and leaders everywhere should take note. This video should be featured in classes at universities teaching the subject. Linus is a role model in this case, FOR SURE.
@@jeremy-b Linus clearly said it's as much as a problem with RUclips as with his company.
Also with your logic even TFA shouldn't be a thing, because "dOnt LeaK yoUr pAssWord gUys".
Almost happened to me but caught quick. Then a month later it happened to my cameraman who has a small passion channel. I felt so bad but used my size to help him get it resolved quick. It shouldn’t be like that, smaller channels are just as important and should be able to get help quick. Let alone the amount of poor people who got scammed
Whats the name of his channel?
The minions are coming
@@pritamdavisa large amount of people rushing to a channel is not always good
@@Xnoob545 agreed
Thankfully the hack was resolved quickly, thanks to you! You are a true friend
I feel bad for small channels who get hacked, they just get wiped off the face of the earth and replaced by Elon Musk NFT Bitcoin Tesla Free Double Bitcoin streams.
As someone in the cybersecurity industry, thanks for being so open about what happened, and bringing awareness to the technical elements involved. It CAN happen to anyone, what really matters is how you react.
Dont pirate tools and redline won't come to meet you :D Who takes advise from this fool anyways, got a team behind him 1000s of pounds of kit and the noob gets cookie jacked hahaha
Fr
@@DJIInLondon damn… cut back on the salt a little bit, my kidneys can’t handle this much.
The jealousy is almost palpable 😂
What do you think of time of day based functions being limited and requiring authorization by 2fa + offline scanned paper laminated qr code with a 7089 digit password? Sure, the cell carrier can be socially manipulated to enable a 2fa vulnerability but you can't hack what is akin to a cold crypto wallet that is offline.
@@DJIInLondon look up Qakbot and Emotet. The attack Linus is describing is very common right now.
So glad you are back in action. Excellent response and recovery, and ultimately messaging.
Would love to see the culprit PDF!
Get him to the top so we can see what this pdf was all about.
LMG hack de obfuscation pls
They should send the PDF to some security researchers, if not the community (with a warning that it's live malware, of course). Getting current samples for stuff like this is huge for establishing ways to defend against it or identify it.
J
Would love to see a collaboration!
Linus was just so done, he couldn't even spell the offer code correctly anymore.
Take care, everyone! And thanks for the hard work!
😂 I noticed it and was like umm did I hear that correctly.
@@IncorrectRUclipsUser I'm glad to hear I wasn't the only owne! 🤣
No it's cuz dbrand own him 😂
I came here to say this
He owned himself there.
I love how DBRAND jumped at the chance to completely troll Linus in his hour of need.
Whomever is in charge of their social media must be an epic troll.
Some one who used whom correctly?????!!!!
@@HunterVibez It makes perfect sense when you consider that it's my second language.
@@FrobergDK I just see no one use it correctly
@@HunterVibez lets be real English is broken glass full of small particles none of the particals are perfect and it cannot be molded to be perfect for everyone so just mold it to be perfect for you and make it understandable for others
@@HunterVibezidk if I'm an idiot but whom is the object form. wouldn't that be "Whoever is in charge" seeing as in this case "Whoever" is the subject?
Man, my guy was so focused that he forgot to put clothes on. So much dedication to the channel. We would’ve felt the same, and were so glad you’re back.
I think it just goes to show how much of a panic he was in that he just had to get to his computer to attempt to shut down the hackers
Linus doesn't wear clothes at home ever.
Linus sleeps wearing LTT boxers (lttstore), but he got out of bed so fast that his clothes disintegrated.
Which one of the poor editors had to go through that footage tho
@@ohhBigBadWolf LMmao
Really appreciate your honestly and candor here. A huge problem that needs to be fixed.
@cold42soy
That will never happen. Google doesn't throw any resources at actually improving RUclips in important ways.
Indeed
This sounds like someone in Erudite would say.
@@naga_serpentis Glad I wasn't the only one who thought Divergent when I saw "candor"
I feel bad for the poor editor who had to blur out his boss’ junk today.
lmao
🍓? Is that the new eggplant? Should have been a banana 🍌 😕 🙄
@@chapmanncheung4170 it’s probably meant to represent his “berries” (balls)
soon the leaked scene of him running down the stairs nekked will go viral...Colton's fault, of course.
onlyfans would probs be a good business decision lol
This is why having windows default to not show file extensions is the biggest security problem since the internet has existed.
Another problem is that Windows likes to execute code from a non-executable file extension. It shouldn't execute ".pdf.exe" or ".exe.pdf". If it does anything, Windows should call the PDF software assigned to the PDF file extension, not execute the file and let it do whatever it wants. I wonder if this virus will get named LTT for worming its way into the LTT office.
Or just use a Mac or Linux.
That's not even the biggest problem. You can have unicode characters in file names. Seriously. Who wants a smiley in their file name. It also allows for the left to right override to exist. Which is also an huge security issue. But the actual worst part is that .lnk file extensions don't get shown. They can easily just download the malware via powershell and run it. Which is why I currently don't have the command prompt or powershell on my system. I only place it back when using sfc /scannow or when I just wanna use the command prompt.
@@seansingh4421😂😂😂😂😂
@@seansingh4421 They are all susceptible to those attacks, what is your point?
Tremendous respect for Linus for not only the transparency around what happened, but the strong leadership of saying "this is ultimately on me and not the employee who made the mistake that allowed this to happen." This is what being a responsible boss looks like.
It's just common sense. You have to expect people are idiots (and some phishing can look very realistic depending on the situation). I work in it security and happened to click on phishing link because it really looked like related to some internal processes. Even with awareness you can never be 100% phishing resistant.
@@bencze465 i recently got what i belove was a scam sms from my insurance company, 2 months later i got a call and turned out it was really from then i was way past the paying date
Just how many more times can he fire Colton? :D
I bet a minute After saying this he fired everyone 🤣
Agreed
you can really tell this man has had a rough day, starts out by stopping a cyber attack and finished by spelling ONE O-W-N-E. he's completely tapped after today, truly an inspiration.
The owne had me dead😂
@Dbrand - Need to add the code FIVEFOOTOWNE for your boy!
OWNE- forgot the D
Yea I caught that too lmao
Just checked and Linus' spelling mistake is an accepted code at dbrand, lol
Linus is the only one that manages to get a sponsor on board for an update video about his channels getting deleted
To be fair, it's dbrand, they are always here for apocalypses
dude is incredibly bussiness minded. Found out that people were stealing his videos and posting them on a mainland Chinese website so he contacted and hired them to make official translations of his videos and post them over there legally.
If you guys search for his reaction video to Chinese pc setups, you'll find him talking about it over there.
Probably gonna be one of the most watched videos this year so sponsors probably chomping at the bit to get the slot
even his sorrowful 😔 time is sponsered just to make him get ahead of it sooner 🤣
It's guaranteed to get more views than the average video.
1 year later and this is STILL happening.
Because it's almost impossible to block it
yeah, they powerless google 😩😩😩
The best part of this is the fact that dbrand not only jumped at that chance to help Linus, but is also roasting him at the same time.
dbrand just keeps "broasting" him XD
I mean, haven't you had a friend like that, who will pull your chain constantly, but be the most loyal friend you have? I have. I get it.
Did anyone else notice when he spelled out the discount code he added a "W" and spelled out "FIVEFOOTOWNE" lol
@@1racerboy1 lol glad I didn't hallucinate that thought I was chatgpt there for a sec
Don’t forget the user code FIVEFOOTOWNE as Linus said
I really appreciate you verbally clarifying that no disciplinary action will be taken against your employees. Whoever it is, their world must have come crashing down when they realized what they'd done. I wouldn't be able to sleep at night. Being a calm, understanding employer is something the world needs.
Yeah, the last thing you need for better cybersecurity practices is a culture of blame and punishment
even then, how some of these scams work is by the scammer pretending to be a legitimate sponsor, with either a spoofed or faked address and a link to download some info on the sponsorship deal/contract, which is actually a Trojan horse that then uses your computer to hack the channel.
pog alter bridge profile pic
Yeah
They don't let their employees share wage info.
so pleased everything is okay.
Mhm
@Computment Don't worry People probably downloaded them.
Fire Colton
same
No
My 33k sub channel got terminated 3 months ago with the same Tesla scam. It took a week to get out google account restored but we still haven’t gotten anything other than “it will be reviewed” on our YT. Very frustrating
Keep fighting it and you’ll get your account back.
Steve from GN is a solid dude for going out of his own way to inform you.
"Thanks STEVE!"
We’re back to you Steve
I've been looking for this 😂
"Thanks Steve"!
Back to you Steve!
Thank you papa... yeah...
Steve is always there to help. You can literally see it.
I feel so bad, imagine waking up to that! Hope you recover from this and glad you got the channel back
Yeah can’t imagine your life’s work all gone overnight…
He recovered no? Seems like all videos are up 🤔
@@CanisoGaming in theory
Honestly, I think it will take him a while to recover from this. Not just because of his 10+ yrs worth of work gone for a day, but also because all unlisted and privated videos are shown for an hour. Enough time for some people to download all of them
@@jimbobcheezeburger2020 no, check his channel. All the videos that were posted before the hack are still there
"Shit rolls uphill"
There are a multitude of reasons you and your team are so successful, but this statement on its own is most certainly one of them. That mentality CANNOT be overstated. Bad stuff inevitably happens to everyone, but good things happening to good people makes it all worth it. Thank you for sharing, Linus.
This isn't a mentality you can teach. Great leaders will always fall on grenades for their team. Even when, objectivity, the team is truly at fault. They never seek blame; they seek resolution.
I can't for Linus' kids to get in trouble at school and they tell him -- "Dad, shit rolls uphill" 😂
@@fredwerza3478 🤣🤣🤣
@@BobSentell 🙌🙌🙌
Yeah, what a great attitude, and attribute for a leadership role!
You've got a very loyal fan base..
Truly a treasure to have
As a software developer, I really appreciate it when a detailed breakdown is given like this rather than just "my PC got a virus, then my RUclips was hacked". So to say thanks, and of course for getting the channel back up in such short order, I went ahead and ordered some goodies from dbrand using the affiliate link 😁
aS a SoFtWaRe DeVeLoPeR
This ain't a RCA bro
why is linus naked
You need out-of-band 2FA, BF protection and strict session timeouts. EDR also helps.
Linus being more or less calm and taking responsibility for his employees' lack of training is refreshing and a sign of a great boss for the long-term. He realized that his org needs more help in training and prevention, and takes ownership that the buck stops with him. Kudos on handling a super stressful situation with naked-grace lol.
If you wanna hear about when Linus went off the deep end, look up the clips from they’re podcast of when they moved his furniture.
It’s nothing bad. Linus is about as wholesome as you can get as a boss
The best company I ever worked for, had a similar thing happen to them.
A phishing scam to accounts and £48,000 lost in minutes.
No repercussions against the employee, apart from their own self imposed trauma, just a re-evaluation of process' to avoid that and similar events from happening.
A good management team learns, a bad one blames.
@@Youchubeswindon But in the case where it is drilled in to employees heads and they still fall in to such a trap, they should definitely be blamed.. most companies do make their employees aware of phishing and similar scams, malicious emails, it's pretty basic stuff. If you're not competent, and they could replace you for someone who is or might be, that's what a successful business needs to do.
@@otallono Big names also have someone, or several someones that deal with nothing but security. Git good applies to more than just video games.
@@otallono I don't think thats a good way to see the situation. If you owns a big company you MUST provide excellence training for everything is important in there. Social Engineering is something really underrated, as phishing and other hacking tools aswell. There are ways to hide malwares even in images, so yes, you need to make sure every of your employees, mainly those who have enought access to cause a problem, knows whats he is doing and to recognize problems when them happen (ie: if Linus' emplyee had noticed the redflag when opening the malicious file, they could act fast and solve the problem in its root)
The guy at DBrand that came out with this deserves a raise
It clearly worked, since project Killswitch is now out of stock until June
What about Steve at GN?
I'd value this video more as PSA than sponsored but I guess the hustle is real..
If they had even one thing I had even the slightest interest in or use for, I'd probably have bought something.
@@tntuofthat guy has a payroll that is amazing to behold, get out there and get yourself a DBrand skin for something to keep it all together.
This same thing happened to me and since google took forever to verify it was actually me they said “we don’t have data from your channel that far in the past” I was so confused because I contacted them as soon as I seen my channel changing. And I worked so hard and just hit 100 subs in the channel. Now I have to restart with this channel and all those all nighters and skipping hanging out with friends was a waste.
Imagine losing your whole channel, and within 24 hours you have a professionally scripted, shot, and edited video, detailing the whole thing, full with sponsor and additional topic notes. Congratulations on getting the channel back up and running so swiftly.
I wish everyone involved a very nice long nap and weekend, and a very satisfactory salary. Good job!
Looking forward to the WAN show!
Yep very SCRIPTED.
@@AdventuresOfDetroit yeah it was scripted last second
It was already filmed, he just waited for the hack to happen :))
The fact he got hacked didn't even leave reddit's front page and Linus had already had the video up.
Prolly cus it didn’t happen
The way you've taken full responsibility and stood by your employee is truly commendable. More employers need to take a leaf out of your book.
Agreed, mine would be throwing tantrums, cursing screaming, and blaming everyone else.
Then why did he mention a name. That was unpleutoo watch. 😡
@@MortenPejterRoitmann Bro 😂. That was clearly a joke, Linus always digs at Colton.
Him also owning that when shit hits the fan it must to upstream instead of down to a poor employee is a top tier move
The whole firing Colton thing is a long term joke from the channel.@@MortenPejterRoitmann
Man, huge props to the people sending superchats to alert people that the stream was bs. Y’all are amazing for real
Idk man if you're a tech guy and you believe that elon musk is hosting a stream on LTT's channel and doubling your bitcoins, you deserve what's coming to you tbh... I mean come on, that's some runescape-level scam.
The irony is that superchats are principally a scam in their own right.
This comment deserves reply :) ...exactly :) they are amazing for real :)
@@roflmagister5 unfair may be, but a scam? no
@@Lightn0x They renamed the channel to Tesla so gullible people would've seen a channel called Tesla with 16million subs which adds to credibility
What's wild is that this can happen to literally any of us.. but when it happens to us, we (the average person) probably won't ever get our stuff back because we're nobodies in the grand scheme of things.
Your wife helping you at 3am while you’re in your birthday suit is pure gold. Glad you’re back
Ya she seems to be the greatest sucess of his life :)
The kind of woman who pushes you forward to success, we all deserve one.
That's a high value woman
don’t forget the other wife Luke was ther 13:28
There's no way he was completely naked. But still funny. xD
Good to see you back Linus!
Oh hey, I enjoy the things you do.
Hi
Just saw your video 😂😂😂
@@usagamer9834 samee
Hi
Admitting that it was lack of training and not just the lower tier employees fault speaks worlds about how good of a leader you are. Been a long time subscriber, since the days before the office existed, and it’s been good to see you stay humble and treat employees as equals rather than numbers.
@@minmb82 ROFL
I agree. I've only caught 5-6 videos in total from this channel, and I wasn't subbed before now. But anyone who is in charge of other employees and can acknowledge the true issue and work together with employees to prevent the issue in the future, instead of just firing the employee, has my respect and my sub.
Same thing happend to me last night. So Thankful for RUclips Partner Support for helping me out.
The dbrand sponsor was savage lol
Soo happy you guys got it figured out.
Shoutout to all who helped, truly.
Ya
Too bad he couldn't read the coupon code correctly 😂
@@Midlife_Crisis_ I copped as well 😂
First time ever a sponsor actually got my sympathy!
actually went to their site to by something. Realized i fix all my stuff so it is all old and Dbrand got nothing for them.
Got a REALLY good laugh browsing their stuff, i can actually feel it in my lungs. I am going to get something the day i actually have something that works with dbrands stuff
Kind of amazing to see that you've got yourself to the point where you could post this calm analysis and reflection already. Lots of good stuff in here - especially:
Get a breach response plan together - it doesn't need to be all that complex - (Prepare), Identify, Contain, Eradicate, Recover, Review. Knowing that you know the steps to work through is a HUGE benefit when you are up against an emergency.
Your considered approach to disciplinary action and further training. The person who slipped up this time is now *far less likely to do that again* and may actually be an asset in working to prevent future breaches. Battle Hardened.
So you're telling me I DON'T need to send a shady stranger $5000 via Western Union to get my account back?
It’s seems John Warosa/Barosa has upped his game from simple billion dollar widower funds
Hey im atomic im a huge fan of yours
Hey its so funny where you will find people on youtube like you
I randomly had a video of you open on a other tab, scrolled through these comments and saw your comment, the coincidence...
Huge respect for taking accountability and pledging to train newcomers instead of blaming them and taking disciplinary action. LTT seems like a great place to work - keep it up, very mature leadership :)
Get the whole channel and subchannels hacked: i sleep
Scratch my floor: REAL SHIT!
Ehhh pros and cons
punishment is cybersecurity training at 3am with nude linus
This happened to us last week due to a virus on the computer from one my kids, where my session was indeed hijacked, my google account taken over and my band's youtube account to run a Roblox scam (tricking people into into downloading a Roblox mod that had the same virus in it).
Last week was really stressful, happy to have my account back now.
I will say though that the way to get proper youtube support is really, really bad...
The most impressive part of this video is the line: "Shit actually rolls up hill" in the organization. So many teams play the blame game of "whose fault" rather than take responsibility and build processes to learn from real mistakes and prevent future ones. Super impressed to hear that.
Employee of an tech channel opened a "presentation.pdf.exe" . My mom is 74 and she doesnt fall for that since 2000.
@@filipen.9522 he stated it was an .pdf and in .pdf there can be scripted macros you dont see.
@@filipen.9522 tell me you’re an easy target without saying you’re an easy target.
my favourite is the companies that say this UNTIL something goes wrong and you find not only does shit roll downhill those downhill get blamed for any thing they can't quantify.
@@filipen.9522 its not an exe file, there are ways to bypass that now. it seems to me you're still living in the 2000 era.
Thank you for turning a terrifying event into an educational video! I am glad that everything worked out and this community's response was just as incredible 🎉
Hi.
"It's all Content Baby" Linus Sebastian
I like how Linus owned himself by spelling ONE in the code as O W N E
i thought noone else noticed
But you remember the code now, don’t you? 😂
@@pepegaprofessor3324 lol. i said.. w? hahahaha Love you Linus
damn i commented about this when the video came out. 0 likes.
@@lzxty6024luck of the draw
I love it that even you getting hacked is a fun video topic to watch.
All due respect admitting your mistakes and still making it a great video
Fun wat the f
As someone who works at a company that was recently hit with a major cyber attack, I have some gut churning empathy for you and your team
cybersecurity is becoming a growing problem
@@ran160 It's a matter of "when", and not "if" nowadays.
I have empathy but I also have more empathy for the sole sysadmin they hired only in January, someone who probably has been pulling their hair out trying to improve security in an organization full of people who are usually the most dangerous, the tech nerds :P
@@ran160 It gets will get worse now that AI is developing at this rate
@@Redhawk_CS Yes, everyone needs to treat security as they would a fire drill, and practice what to do when it happens. The most obnoxious part about security is most of us have at least 50 accounts that all work completely differently and have unique security policies/changes in place. Security is in nowise standardized so what you might do for a Google account can be completely different from say a Microsoft account, or some random other website that implements their own security practices. This makes training for it hard, when you essentially have to have several if not hundreds of different types of accounts that work differently from each other. Perhaps its going overboard to expect individuals to do this for every personal account, but at the very least we should be practicing this with the accounts we use for our businesses and livelihoods.
Glad you got this sorted! You can actually disable all forms of two factor other than a security key by enrolling in the Advanced Protection Program. I’d highly recommend all RUclipsrs do so. There does need to be changes for this type of thing though. Even to start there could be more limited channel permissions, it would be a quick change but go a long way.
Hey judo
Lmao hey Judo
Judo sloth from Clash of Clans??😮
Hello Judo, big fan.
❤
Lots of youtubers are being hacked as well. I hope youtube does something about all this.
I wish there were a few more simple things in place. IP lock for the 2 or 3 places I actually upload from (selectable by me). Behaviour tracking (like, hmm, this doesn't seem like you is it?) That kind of stuff.
RIGHT MY MICROSOFT ACCOUNT GOT HACKED AND I SAVE ALL MY PASSWORDS BUT IT CAME FROM RUSSIA BUT APPARENTLY THATS NOT SUSPICIOUS AND 200+ ACCOUNTS GOT HACKED including the one I’m using the write this comment it’s so ridiculous…
Or maybe you just don't click unknown executive files. You guys are funny.
@@smithcrossland441 Bro I got hacked from Vietnam of all places both my old emails I don't use, my facebook (got the facebook back but don't know enough information about the activity on my old hotmails to get them back), NO MICROSOFT I AM NOT IN VIETNAM lmao
@@Dustmadeout I feel honored the big wig big shot wants to talk to me!
@@cruxiaercreations8578 Don't be an idiot, PDFs can't do that. He had his file extensions hidden and thought it was a PDF in a fking TECH COMPANY lmao.
That was OWNE heck of a story. Thanks LTT and dbrand.
😂 was coming to the comments to see if just owne other person noticed
lol came to comments when i heard W in the spelling of ONE.... but lets give it to the guy... getting Linus back is one big W.
I was wondering about that, too hahaha
@@FroobTubeLIVE ownedering, even?
Came to the comments for this.
Dbrand is like that friend who constantly teases you but would get in a fight to protect you.
Glad to see the channel is back & thanks for being so transparent
Five foot one 😂
100%
Dbrand would hunt down your stalker for you. Then go back to razzing you once it was done.
They’re brutal savages and it’s hilariously amazing 😂
They got your back... Unless you own an LG phone :(
At least you got your channel back. I lost my channel permanently after it got hacked, I think it had a name change too. Ever since that incident I started using Security Keys.
DBrand, even in the worst of times, never skipping a beat to sponsor and troll Linus 😂
Go back and listen to him read the promo code
Lets be real, this is a huge story and will be huge PR for dbrand, easiest marketing decision ever made!
How did it all start? 😂
That extra W where it matters.
five foot..owne? hmmm
I'm seriously glad that everything turned out to be okay for everyone at LMG. Amazing job everyone in response to this. Looking forward to more content in the future.
You can bet the man has had zero hours of sleep since the incident.
Tired Linus haha
Thank goodness u posted something I was going to he spelt it so wrong
Nice Freudian slip.
i thought i was the only one
I'm most impressed by your willingness to turn this into a teaching moment for that employee rather than pursuing disciplinary action. It really says a lot about the work culture you've been able to build at LMG.
RUclips needs to be taught a lesson about hiring scammers/hackers
@@carsnob youtube didnt hire hackers/scammers tho?? what are you talking about?
Oh that employee is getting disciplined or fired. Don't think that's not happening.
@@RamonathoWhy, its a honest mistake that the employee made.
@@Ramonatho as they probably should be yaya
00:00 Linus Tech tips channel hacked and used for cryptocurrency scam
02:10 Two-factor authentication has vulnerabilities.
04:08 A malware attack can steal session cookies and login credentials from locally saved login details, by taking advantage of browser sessions.
06:08 File extensions should be double checked to avoid cyber attacks
08:00 Google's lack of communication during crisis causes frustration and opacity
09:42 Changes needed for improved security options on channels.
11:26 Online banking websites usually invalidate login sessions in a few minutes while social media platforms tend to keep them active for longer, potentially leading to security risks.
13:12 dbrand helped LTT recover from a hacked account and sponsored a video
Crafted by Merlin AI.
Thank you for addressing the issue of smaller channels not getting the help they deserve from RUclips
Exactly this, I know of two that suffered the same fate, from the same vector of attack, but only restored their channels because of others in the RUclips partnership program
Unpopular opinion: What is RUclips supposed to do? There have to be like two billion accounts on here. Are they going to hire 100 million account managers?
@@yrobtsvt They dont need to hire account managers.
Just revert that account to a previous state, invalidate the session token by forcing all devices to log out and change the password.
@@yrobtsvt Or come up with an actual ticket system so people can at least get their problems looked at eventually rather than relying on friends and Twitter? Or some better security features?
You're talking like it's unreasonable they would have to actually help their users just because of their size. Even the biggest corporations in the world have customer service lines where you can call and get help eventually.
@@Toastybees To point out how it's entirely possible to implement something like this, Steam support used to take IIRC about a week to get back to you. I remember because my account got locked in 2010. But once they did they were very prompt about helping me. Was it really annoying it took so long? Of course, but it's far better than nothing, which is what RUclips creators seem to typically get. And if a smaller company like Valve can offer such customer service (they're actually far more prompt now days), then a monstrously huge company like Google has no excuse.
I feel sorry for what the editor had to see to blur everything.
Linus Sex Tips
Linus nude tips
if that was me id personally blur the video, export it, then and only then give it to the editors lol
I’m sure Linus or Yvonne did it because I’m sure one of them had to dig up and clip the home security footage
Wishing I was an editor rn
Love that Steve reached out to you at 3am to make you aware. Truly a good dude.
That is a TRUE FRIEND !! ❤
Of course it had to be Steve at 3 am, who else is awake and working at this hour!😅
Well to be fair it would've been 6am in NC where Steve is but still not surprised Steve is up doing stuff at that hour
Classic Tech Jesus
i think it was his wife
I love the honesty and sharing with us that your organization also got hacked (just like many big organizations). Theses tips are extremely valuable and should be implemented by everyon.
It makes me really have some respect for Linus that not only did he not blame that employee, he said there would be no punishment or reprimand. What a class act
I was literally just about to comment exactly this lmao it’s so true
@TehPh1L yeah, this shit is affecting both big and small RUclipsrs with seemingly no problem.
Well a quarter of their content is about how they sc**up and how they fix it. But this is a new scale.
They should give them a raise for the extra content.
yeah man having worked in SRE it's a process issue not an individual. You learn nothing just through apportioning blame.
I love how Linus puts in the fact that no one is getting fired for this and that it was simply a matter of the knowledge his personnel has and actually takes accountability for his own mistakes. Really goes to show how good of a boss he is and that he's willing to take responsibility and better train his employees so things like that don't happen again. Props to you Linus 🙏
LMG has been setting the bar since basically forever.
Nah it was the loop hole in the system 😞. If they use different email contact than the one that linked the youtube or maybe use 1 special computer to check the email only shouldn't that be resolve? The internet nowadays getting scarier with only opening PDF or any untrusted file can just copied our stuff in the background
agreed Linus is awesome, mistakes simply happen
He says no one gets fired, but he obviously didn't have proper anti-virus like Sophos or Webroot on his employee's machines, so even if someone did click on something dumb it's his fault for not properly security his devices. Linus has the security know how of a home user, but at least he does seem to be a chill person. He should hire an IT professional to oversee his environment and save some headache... Or maybe he is happy stuff like this happens because it gives him things to make content about?
@@Darksteel165 and how do you know that so confidently, do you have inside knowledge of what antivirus they use on their employees' PCs?
I love the fact that despite someone on your team making a mistake, you guys are using this to better the company instead of hurt it.
It's like you need a separate computer with its own address to be in contact with sponsors , totally isolated from other computers .
Yeah its a pain in the back , but when there is no access ever made to the creative part , there is nothing anyone can use .
@@pete_lind hacked by downloading a file. That no one thought about that...
That trick is as old as computers itself. Seeing my work tasting it's employees on it regularly.
But yeah besides the extra security. Separating prevents a lot. Excellent tip in general, even it's just for yourself,
those who blames mistakes are fools
Linus know that, so instead of punishing the guy who made the mistake he uses it as a learning factor to better secure and improve the company
@@pete_lind We have that in our firm, actually a cheap setup but a pain for us employees ... we can´t goof around in the internet. I have no internet access, I am only allowed to use the software intended for my work plus the fact that the server my work is stored on isn´t connected to the internet either. I think we only have two computers with internet access and they are both strictly regulated .... and we are nobodies in the big picture. I think my boss is paranoid.
@@pete_lindI know multiple smaller creators who claim to do that. But its the Work computer (business) main (upload)
I really appreciate the honesty and transparency. Such a crazy event, and something to look out for.
In a healthy organization, sh!t actually rolls up the hill, rather than down. Beautifully said, Mr. Linus
I've never had a job where shit didn't roll downhill, I think shit only rolls uphill in tech because the people are smart enough to own responsibility. In Healthcare it is all about liability which leads to fingerpointing and the people at the bottom take the blame for failure even when there is poor management and lack of training
Already one of my favorites, respect grew immeasurably by owning up and taking responsibility.
@@elijahdungan3612 Haha, that's a very interesting take on the healthcare industry. That means the only ones who rise to the top are the ones who manage to keep themselves clean. Ofc, nobody is perfect, so who did they blackmail to get where they are? amiright?
@@davidsauve7794 absolutely.
@@elijahdungan3612 nah, I've seen plenty of healthcare organizations that own their shit at every level. It's not just tech.
Publicly stating that, no matter what who or why, sh*t rolls uphill and taking that responsibility is an impressive thing and just adds to the respect you have as a boss. Kudos.
Not just as a boss - but as a business owner, as a content creator, and so on. That willingness to take ownership, and ask "what could I do, to improve the situation" is such a good attitude for becoming successful.
Very respectable
@@formes2388 Absolutely right. Every part of the success is thoroughly deserved and becomes more so as time goes on.
Downhill buddy 😂
@@Lynn-mc9zk Ummm, nope.
Five foot oWne! You've really had a long day Linus!
This was quite a shock to hear about, I was quite upset as I've been a fan for many years now & loved the content. I'm glad you were able to resolve the issue so quickly without any long term damage or loss of content. Thank you for spreading a bit of awareness & giving some tech tips to help others try avoid the same scam.
I thought I was the only one that noticed, lol
The lack of sleep and stress got to him LOL
I had to play it back and make sure my mind didn’t say “w”
I was thinking, is that how they spell it in Canada?🤔
he forgot the d at the end, but you know.... we all make mistakes
I know I’m months late, but good job getting this under control. Good job admitting where you went wrong, and I completely agree that these companies need to offer better security measures. For example, my bank (yes, my BANK) doesn’t even have MFA as an option.
My BANK has no app 2fa, and requires SMS 2fa...
I'm a security data scientist for a bank, which most of the time makes me feel pretty paranoid about the level of care I take when dealing with digital content, but stories like this make me feel a little less crazy.
your not crazy enough
You should get even more paranoid depending on your levels. Keep your nogging working and thinking about ways to avoid trouble. (Of course, only if you can deal about that. No use stressing over things you can't deal with.)
@@mattsopiratoso790 Oh I have to be plenty already. I don't know whether it's because of my job or just really advanced data mining, but I've had emails and texts sent to me that used very tangential details about my life to sell the illusion, and my employer has told me straight up that they've found bounties on me and my whole team on the dark web. And I don't even have any real power or anything lol. I'm just a convenient potential entry point, like a lot of others. It's creepy to think about, but that's where we are today. The sophistication of black hats has increased to an almost unbelievable degree.
Not a data scientist, just a lowly sys admin, but I completely understand. Security is such a fragile thing and we are never in control.
@@jamesstack7237 Oh come on now, some of my best friends are sys admins 😁 Actually, I would think your value as a target would be even higher than mine. My code runs over sensitive datasets, but I myself don't even have access to them. Typically I only have access to extracts in dev and it's our devops guys and gals who have access to silver and gold that place my code in production.
Glad you’re back! It’s great that RUclips can restore the channels. As few people as possible should have access to the admin privileges of the channels. It was amazing to see those super chats warning people! I’m glad it’s all sorted now. Welcome back ❤
H
You can see how much he cares about the organisation by the emotion in his voice, especially when he expresses his gratitude. No wonder he turned down 9 figures for it all - this is his baby and he cares about his team. Even had me a bit misty.
Verified!
Super crazy seeing you here.
No
My account got hacked a few weeks ago. I've reset my password, but I still log on to my email everyday to see hundreds of vague sent emails which I obviously did not send to people I do not know. I've changed passwords several times but the mass emails is still been sent...
Right now I'm tempted to deleted the account but I don't want to loose my RUclips channel. Can anyone please help?
Man you can feel Linus still hasn't fully recovered from this.
I am so happy to see you back. Your channels are just great and I appreciate your work.
His family weren’t taken hostage - Jesus Christ you fucking nerds make stuff like this seem like the apocalypse. You gonna say he got PTSD from it next?
It literally happened 15hrs ago of course he’s not fully recovered
You just feel this pain from the very beginning and man does it not feel good at all. His eyes tell the whole story
Mad props for Steve for alerting Linus and to the guys sending superchats to viewers!
1.2K likes in 2 minutes wtf
@@MightyWinz its a bot
@@MightyWinz lol
I'm not at all surprised that Steve would be the first to tell Linus at 3 in the morning seeing how he regularly works into the night
Steve's the GOAT..!
7:47 bet Steve is regretting that text rn
No, how else was he supposed to get views?
???
The fact that Linus and his team were dealing with being hacked and still managed to crank out this long and in depth of a video that's well edited is seriously underappreciated. Big props to the team for filming and the crazy fast editors for this video. Glad you all were able to get the channel back so fast.
Mad props to Dbrand, not afraid to troll a guy when he's down. 😂
Their website is hilarious. I literally have no use for any of their products, but would buy if they had something.
Edit: grammar
....." f-i-v-e-f-o-o-t-o-w-n-e" -linus
Their marketing finally got to me. Fivefootone got me the deal on some joycon wraps.
One of my friends worked on his channel for over 5 years and had it going good. Later it was hacked by someone in Bangkok and Google never responded to his emails because he was only at about 100k subs I guess. Not a big channel but 5 years of work all gone! Google needs to do something about the lack of service support.
So impressed by this response. Explaining what happened, taking responsibility and not just blaming subordinates, making constructive recommendations, and showing gratitude and grace. Masterclass in what I’d want to see in leadership.
I really wish more bosses were like this. I have to say I'm a bit jealous of his employees, this is just not how most organizations work.
facts. linus is the goat
@xPreame lol you literally copied my comment verbatim
@@andhaynes But with cleavage.. Think shes a bot? I do.
Pro-tip: if your company doesn’t handle things this way, polish up that resume - they’re not worth your time or effort.
Ah yes, O-W-N-E = ONE.
Glad that your channels are fine. I didn't hear about it until now but it's great to know that the LMG crew still has channels to create awesome content to (:
he is probably super tired honestly
It's cause they got... owne-d.
@ imagine if that was dbrand promo for this video
@ damn, you beat me to it
Now Dbrand is gonna make fun of Linus for not being able to spell O N E correctly 😂
(Use code ‘LINUSCANTSPELLONE’ / ‘LINUSOWNE’)
Can we take a moment and send our condolences to the poor LTT video editor that had to add the blur effect.
F
F
F
F
F
5:47 , OMG this same thing happen to me. I was downloading a mod for a game, then the file kept closing and wasn't running. So then I decided to uninstall that mod. The next day all my accounts were hacked, Epic games ,google, riot games, steam and twitch. The only thing they did was change my Epic games email. When I manage to get all my accounts back they haven't stolen anything.
Session tokens should be reconciled with IP address. Google engineers have just prioritized inflating engagement KPIs cause that’s how they move up in the organization.
Chocolate rain
@tayzonday would that make not make it less secure since it being stored locally like it is right now means that they would need an in to your device, but with it being linked to IP they would be able to get that info by just finding and connecting to your IP address? I am just asking I'm studying Compsci in Uni so I was just wondering
im sure spoofing the ip is trivial.
@@gangaskan2255 unless they have access to your pc or home network it shouldnt be possible
@@partsonmutambudzi386 session token being linked to IP address doesn't mean the IP is used for authorisation at all, it means the server checks if the token corresponds to the address the request is coming from, and adds additional authentication measures if there's a mismatch
The fact that Linus was naked, got out of bed, and thought of nothing else during this trying time, shows a lot about his dedication and focus on his work/channel.
Now there is a shit stain on the chair
Oh boo hoo hoo a multimillionaire had a rough few hours...
He’d prob stop mid-coitus if his YT channels went down
@@righteousone1 true cause everyone knows when you get some money your problems are invalid and things can never be "rough" for you since you don't work in the coal mines breaking your back
Someone should get the man a robe
I think Linus deciding not to blame the new members of his team really shows how understanding he is
I think he would be a fucking terrible boss.
@@Theharrizable "fucking" wow really emphasised that didn't you...
@@Theharrizable Linus is probably a great boss but no one is perfect so I'm sure he has his short comings and as with every leader there's always something to talk about
he should've grew balls and fired someone
@@SPECTRA890 hah, short comings
Dang good looking Linus hope you get back up and running w/o too much headache 😮 love your channel!
"Shout out to Steve from Gamers Nexus for alerting me at 3am." Can we all agree that this was worthy of a little bit more attention? Out of all the staffers that Linus has working for him, out of all the sponsors Linus promotes on his channel, and out of all the people that have his cell number or know someone that does, who is the one that alerts him of the hack at 3am?... a competing youtuber. Mad respect Steve.
No… no attention… RUclips/Google don’t wanna hear about this.. only bothers them since they are the ones allowing it
Steve is in a different time zone. Yes, they're competitors, but tech tubers always have each other's backs. Also I don't think any sponsor or even all of the employees have his personal number, and I'm sure Linus has to have his workphone on silent at night. Don't get me wrong it's great that Steve did this, but I wouldn't expect any less from him, nor would I blame anyone else with Linus's cell for not being there first.
The true meaning of friendship.
you understand it was in the middle of the night, right? People were sleeping. How would they know? Personally I only knew because I woke up at that time and i'm in a slightly different time zone. Had it been the middle of the day or a few hours later it would have been seen a lot sooner. FFS Linus himself didnt know since HE was sleeping too...
People think it’s a joke but Steve is actually tech Jesus, sent to us from above to do good for all of the community.
Joking aside, you’re right, but I’m not at all surprised it was him who got to Linus first. Dude is a rock star.
That isnt even the only security issue with all this, there is an even more stupid one that RUclips hasnt fixed!
There was also an hacking attempt on our channel 3 months ago from the same ppl, but i was able to prevent the hack.
However in our case RUclips couldnt restore the Google account the channel was associated with and had to transfer it to a new one.
The reason for that is, when your Google account has an email address that isnt Gmail, Google allows you to change that without 2FA.
Even worse, once a gmail address is attached it is permanently locked forever and can never be changed again!
So after locking out the hackers, we filled out the form and waited for YT´s answer.
2 days later there still wasnt any email, so we asked our MCN and they said YT had answered us 2 days ago. So where was the mail?
Well turns out YT had emailed all the info to the gmail account that was associated with the Google account.
They basically sent all the info to the hackers and not us.....
So the only solution was to transfer everything to a new Google account with the old one belonging to the hackers now :P
For more detailed information check the community tab of our channel where more details were posted :)
did YT take any action on the old Google account now in the hands of bad actors?
Hey worldoflongplays 👋🏻
@@themadmallard Nope, the old Google account still exists but is basically an empty shell with nothing attached to it.
@@worldoflongplays Why cant they delete it?
@@MikeLitty69 Oh im sure they can but its prob just easier to tell the channel owners make a new account and we can press this button and send you all the info there. They prob dont want to go through that old account and filter out all the bad links or uses that may be linked to it now.
I'm admittedly extremely envious of how fast your account was resolved. I mean, I get why - but for me, it was over 2 weeks of no channel and no idea what was going on, because the youtube team had next to no helpful responses the entire time. welcome back (and welcome to the hijack club)... maybe this will put more of a fire under RUclips's ass?
probably not
Imaging RUclips being run by one of the biggest tech companies that has direct control over the one browser engine used by most of the leading web browsers.
I am puzzled.
lizard man
@@sarowie I find it particularly weird because, while all of my tokens were hijacked, youtube was one of the only sites where they *actually* gained access. Everything from facebook to evernote to yelp to coinbase realized something was up and locked my account. Meanwhile, my entire google account was just like "nah, seems fine".
@@sarowie, there’s many more RUclips creators than Google employees. Hope that explains it.
@@sarowie Welcome to capitalism; Profits over People!
i had a similar hack done to me in december 2021, i had about 800-900 subscribers, i had my channel back in less than 48 hours, youtube's process is very good and works for smaller creators too
DBRAND...Like a bestest friend.
Always pulling jokes, poking fun and doing crazy stunts just to keep your life interesting. But like a true friend is always there to help.
We can all use a friend like DBRAND
It was hilarious but don’t make it more than it actually is: a business. This is a business agreement with LTT to make money.
The fact you are sitting here willing to make a video teaching even after someone attacking your livelihood speaks volumes. I think it goes without saying this is why everyone loves this channel in part. Regardless, how much money you have made it takes a certain type of person to sit here and give back after that.
Thanks Linus ~long term subscriber
...make a video selling products even after......
He’s gets to explain what happened and get paid … it’s not really commendable…
What exactly is he “giving back” if he’s continuing to make money off these views?
Bruh you the type of guy to be an active member of r/wholesomememes and r/MadeMeSmile
This is why he has a successful company and we don't. If this happened to me, the last I thing I would do is to make a video that I could also postpone to tomorrow.
Steve is a God Dam Big Hero. Love seeing techtubers help each other out
I love that Linus, Steve, and Jay from JayzTwoCents go between complimenting and helping each other out to respectfully talking shit in their videos.
What did Steve do? I watched the video but don't recall him being referenced.
@@jvivlemore He tried calling and then messaged Linus at around 3 AM, waking him up to the nightmare.
@@joesterling4299 Love that and must have missed that part of the video. Thanks!
@@jvivlemore Yeah the screenshot of the text message was in the video for a few seconds.
Edit: At 7:45 into the video.
One Year Later. Google still hasn’t done any of these things that this man has suggested… that I know of. Getting hacked scares the bleep outta me.
The fact that they even cram out a video about this on the same day. Mad respect.
Kinda suspicious almost
@@ModishShrink get laid
i'm more impressed at Dbrands level of spine to even do this. KEKW XD
Might as well channel all that residual adrenaline into a short PSA. Still, that's an impressive turnaround time considering all the scripting and editing that went into this.
Never underestimate a man who's *P I S S E D.*
Welcome back - I was really worried for you!
Love your videos!
What a time to be alive!
Poop
Love your vids
Hold on to your RUclips channels!
I can’t imagine the stress you all felt. So glad you got it all back.
I really feel for you, as someone that had to play "Log in whac a mole" with a IP address logging into all my accounts from RUSSIA a few years ago it is truly devastating. I was never concerned with online security until I got hacked and all my accounts even a roblox account I forgot about was stolen from me in a matter of minutes. I was at the store getting groceries then all of a sudden I got new login notifications from all my gmails. Now I have 2 factor on everything. Not after playing log in whac a mole with a ip address from russia for 3 days straight .
dbrand's sense of humor and support in this is awesome, such a massive W for them they seems great
Next time the code can be 'BOTHINCHES' or something
Oh boo hoo hoo a multimillionaire had a rough few hours...
@@righteousone1 to be fair this guy has worked very hard for what he has
@@supernoodles908 to be brutally honest he doesn't care about your existence let alone knows of it
@@righteousone1 i mean that is kinda true but he literally works his butt off for this he doesn't really have time to read your comments
I would love to see a follow up analysis of the infected PDF. I think it would be a useful tech tip for viewers, particularly if you work in an office environment which is where this kind of attack would be more likely to happen. Glad you guys came back so soon.
Yes! Also a deep dive to where the info was send etc would be a good watch, collaboration with @JimBrowning or @markrober ? Would make good content i think
Sounds like a task for John Hammond... :P
@@NerdOllie spared no expense.
Here’s a video on it ruclips.net/video/jnhzMLBq1VM/видео.html this shit has been happening for a hot min
ruclips.net/video/QpnqeOqb4cc/видео.html another one about it
Thank you for not blaming Colton. He probably feels bad enough about it. But I'm glad you fixed it easily. And thank you to Stephen from Gamer's Nexus, you really had Linus' back. His buck naked back
He didn't have a pair of shorts to throw on so his kids didn't see the bits if they walked in?
@@michaebr Yvonne would have herded the kids out before they saw cracks and bits. He explained it better on WAN show.