Linus Tech Tips Got Hacked

The issue is that your current session allows you to just change your password without entering your old pw or any other verification or 2FA. Same with apple and icloud. You should be allowed to disable those 'convenience vulnerabilities'

Markste-in

Google can sometimes be half decent at flagging sites if someone reports it via their Safe Browsing form. I assume it’s partly automated and affected by the number of reports, so a bigger channel will have more people reporting the domain if they know to. But I’ve reported some sites just with their public form and it was flagged well within an hour.

Another thing is apparently even if Safe Browsing flags a site, it doesn’t get blocked by chrome immediately unless you have “enhanced protection” on in chrome settings, which checks every site you visit against Safe Browsing, though of course that could be considered a privacy tradeoff. Otherwise with “standard protection”, I don’t think it will flag by default on chrome until you get the latest offline list updated which seems to happen within a day.

ThioJoe

1 month of no MentalOutlaw, time to start catching up

lymieux

Silver lining here is that Linus putting the spotlight on this issue might ACTUALLY get us some kind of resolution to this ongoing, massive problem. The fact the Google has not been serious about doing something about this, and Antimalware services aren't doing enough to snuff out this crap, LTT could shed light on the issue that other YouTubers have been ignored for. If something can be done, I'm grateful, just sorry for all the people that have gone through this, especially those with more to lose.

sunla

Memology got hacked a few months ago and got his channel back after like a week. I was surprised they didn’t use it as an excuse to just nuke his channel.

HowdyYT

The company has scaled in weird ways. Despite having dozens of employees, some aspects are remnants from when there were much fewer resources. For example, they still don't have a dedicated server admin or seemingly anyone tech aware who isn't working deadlines on videos. As a result, stuff like this keeps happening.

More than once Linus, the CEO, had to leave in the middle of a podcast because something in the server room was down. They lost a NAS because no one read the logs for months as multiple hard drives failed. There are probably dozens more stories like this.

They're already beyond the point needing someone looking at this stuff full time; with a second building they probably need more than one person. Instead they just scatter these responsibilities around to be done by whoever, whenever they aren't filming videos and no one is really in charge of even basic administration.

I wouldn't have a hard time believing that dozens of employees not only had credentials but were perpetually logged into LTT and didn't even have session management. That is, the LTT account was exposed as all these people were logged into it in Chrome browsing random BS during lunch break, waiting for videos to upload, etc. Because that's the kind of thing you do when it's just you and your buddy running a little YouTube channel and you never change your behaviors as the business grows.

dycedargselderbrother

Good thing it happend to linus. Hes the one most likely to make a giant wave in the YT community to force YT to finally do something.

Schniebel

LTT isn't my first stop for technical information these days, but I am always interested in what they have to say. Hope they get it all back up and running soon!

Strykenine

>Sir, they've hit the second channel
>I know (smiles and does the soyface)
Oh sh-

miller

This is a real "hard-R" moment.

TheTundraTerror

Didnt think cookie hijacking was still a thing specially for google accounts. I guess it doesn't take that much to spawn secret hidden browser session in the infected computer. Honestly I think it can happen to anybody.

abracadabra

I'm genuinely surprised that this issue hasn't been fixed yet, or at least had some kinda stop-gap put in place, like needing 2FA to change the password if you have 2FA on, or vise-versa.

entothechesnautknight

I can't believe YT didn't fix this cookie shit yet... I've seen numbers and numbers of creators get hacked

spx

What gets me is that its so easy to prevent this hack. Just require someone to log in (again) before they can livestream or private all videos.

ObviousRises

linus is very good about not shying away from the times that hackers and scammers got to him in order to educate everyone. He NEVER shames anyone for getting scammed or hacked but instead raises awareness so others can protect themselves.

abdelnajjar

Considering they ran ZFS servers as core infrastructure for years without scrubbing, I wouldn't be surprised if they used YouTube as a backup repo lol

blusterkong

The most funny thing is Linus will probably make this topic his most profitable video in a long while when the channel is restored.

ShihammeDarc

Remember when this happened to Nathaniel Bandy.

Two of his channels were rather secure, but his third was tied to an old Hotmail account. He then said that the hacker didn't begin the takeover immediately, reasoning they wanted to get the passwords to the other channels.

MateuLeGrillepain

the ironic thing is since they use that same video there is no reason youtube couldnt auto block it and immediatly recognize its a hack. also surprised the fbi hasnt taken down that site.

phgamer

Congrats on the shoutout from the WAN Show! (1:30:00)

ZvZxlcVjaMu