The best security measure that I've found is quite literally what you said at the end. Delete browser data on exit and then making sure people actually exit the browser (maybe set like a 15 min timeout as well) on a completely separate sandboxed device you use for 1 thing and 1 thing only. That makes this not impossible to pull off but much, much harder.

1 month of no MentalOutlaw, time to start catching up

Google can sometimes be half decent at flagging sites if someone reports it via their Safe Browsing form. I assume it’s partly automated and affected by the number of reports, so a bigger channel will have more people reporting the domain if they know to. But I’ve reported some sites just with their public form and it was flagged well within an hour. Another thing is apparently even if Safe Browsing flags a site, it doesn’t get blocked by chrome immediately unless you have “enhanced protection” on in chrome settings, which checks every site you visit against Safe Browsing, though of course that could be considered a privacy tradeoff. Otherwise with “standard protection”, I don’t think it will flag by default on chrome until you get the latest offline list updated which seems to happen within a day.

Silver lining here is that Linus putting the spotlight on this issue might ACTUALLY get us some kind of resolution to this ongoing, massive problem. The fact the Google has not been serious about doing something about this, and Antimalware services aren't doing enough to snuff out this crap, LTT could shed light on the issue that other KZbinrs have been ignored for. If something can be done, I'm grateful, just sorry for all the people that have gone through this, especially those with more to lose.

The issue is that your current session allows you to just change your password without entering your old pw or any other verification or 2FA. Same with apple and icloud. You should be allowed to disable those 'convenience vulnerabilities'

Tesla Tech Tips

This is a real "hard-R" moment.

The company has scaled in weird ways. Despite having dozens of employees, some aspects are remnants from when there were much fewer resources. For example, they still don't have a dedicated server admin or seemingly anyone tech aware who isn't working deadlines on videos. As a result, stuff like this keeps happening. More than once Linus, the CEO, had to leave in the middle of a podcast because something in the server room was down. They lost a NAS because no one read the logs for months as multiple hard drives failed. There are probably dozens more stories like this. They're already beyond the point needing someone looking at this stuff full time; with a second building they probably need more than one person. Instead they just scatter these responsibilities around to be done by whoever, whenever they aren't filming videos and no one is really in charge of even basic administration. I wouldn't have a hard time believing that dozens of employees not only had credentials but were perpetually logged into LTT and didn't even have session management. That is, the LTT account was exposed as all these people were logged into it in Chrome browsing random BS during lunch break, waiting for videos to upload, etc. Because that's the kind of thing you do when it's just you and your buddy running a little KZbin channel and you never change your behaviors as the business grows.

Memology got hacked a few months ago and got his channel back after like a week. I was surprised they didn’t use it as an excuse to just nuke his channel.

Good thing it happend to linus. Hes the one most likely to make a giant wave in the YT community to force YT to finally do something.

linus is very good about not shying away from the times that hackers and scammers got to him in order to educate everyone. He NEVER shames anyone for getting scammed or hacked but instead raises awareness so others can protect themselves.

LTT isn't my first stop for technical information these days, but I am always interested in what they have to say. Hope they get it all back up and running soon!

Didnt think cookie hijacking was still a thing specially for google accounts. I guess it doesn't take that much to spawn secret hidden browser session in the infected computer. Honestly I think it can happen to anybody.

>Sir, they've hit the second channel >I know (smiles and does the soyface) Oh sh-

I'm genuinely surprised that this issue hasn't been fixed yet, or at least had some kinda stop-gap put in place, like needing 2FA to change the password if you have 2FA on, or vise-versa.

The most funny thing is Linus will probably make this topic his most profitable video in a long while when the channel is restored.

"Just the tip" -Linus

He dropped his security. Bound to happen.

What gets me is that its so easy to prevent this hack. Just require someone to log in (again) before they can livestream or private all videos.

Congrats on the shoutout from the WAN Show! (1:30:00)

I can't believe YT didn't fix this cookie shit yet... I've seen numbers and numbers of creators get hacked

Considering they ran ZFS servers as core infrastructure for years without scrubbing, I wouldn't be surprised if they used KZbin as a backup repo lol

Remember when this happened to Nathaniel Bandy. Two of his channels were rather secure, but his third was tied to an old Hotmail account. He then said that the hacker didn't begin the takeover immediately, reasoning they wanted to get the passwords to the other channels.

Linus mentioned your video on LAN show. Dang you got in fast.

the ironic thing is since they use that same video there is no reason youtube couldnt auto block it and immediatly recognize its a hack. also surprised the fbi hasnt taken down that site.

It was not just $7000. They cycle addresses, not everyone gets the same one.

Great video, great advice, that unfortunately probably won't get followed, and this type of thing will probably continue to keep happening.

You were absolutely on the ball. His session manager was hacked because some employee downloaded a malware

Still not nearly as embarrassing as that cybersecurity youtuber who fell for a phishing email.

not suprised with the session hijacking, but how the hell are they changing the password and 2fa after? even if they are already "logged in" anything that needs a password or 2fa should be inaccessible unless they got those some other way. unless there was some huge oversight from google where that could be bypassed somehow, which would be absurd.

Apparently the scammer had sent an email purporting to be a sponsorship or advertising offer to one of his employees and the pdf file in the email had contained the malware.

Great advice totally going to take those tips for my future endeavors with my business partner on our upcoming channel project this summer 🌞

i've actually seen channels with like 200K subs hacked like this and getting their channel back

Memeology101, an absolutely based channel, still got his channel back after this hack happened to him even though KZbin probably doesn't like him.

You’d think Linus fans who are smart enough to assemble a gaming pc won’t send their cryptos to a hacker’s scam site.

Linus once pointed out in an interview about their old stuff, that those weird placeholder videos are videos that they had deleted, but when KZbin recovered everything from the previous hack, they also recovered videos that had been deleted.for years. I don't know why they havent deleted them again. Many channels have previews and drafts of upcoming videos on their channels temporarily. Apperantly deleting those doesn't really make them go away.

Totally agree with what you said in the end. A separate Linux machine makes things much more secure, and Google allowing to change password without requiring the old password is downright negligent.

I would love to know which person on the staff accepted the fake sponsorship that usually leads to these hacks. They give people a sponsorship email, get him to click and get temporary access to there system without having to do two factor Authentication

Thanks, learned some extras from your personal knowledge base!

Popular one is to send them scr files posing as pdf files, scr (screen saver extension) is executable in windows and by default file explorer doesn't show extensions.

A music creator called VectorU (90k subs?) got hacked late last year and also got the channel back after a few days. So while I'm sure Linus does get special treatment it's not like everyone who isn't huge is completely screwed.

Best thumbnail!

I find that perfectly shows that even if you are an expert in the field that you are not protected from making one little mistake and loose everything.

Happened to me last year after i lost internet and had to connect to a public network, was insane to me at the time that 2 factor didn't help at all luckily twitch helped me out after 4 weeks, alot more careful now but thanks for explaining how it happens in a bit more depth, people really should be more careful, it changes your profile to a tesla logo and plays random elon interviews, nothing more shocking then being told "hey, you're live?" when you're not

I was wondering why their videos were clogging up my notifications. That literally just happened this morning, so you got this video out hella quick!

Between this and the recent "hard R" thing, Linus is having a rough month lol. Thanks for explaining how this hack works, was always curious how they just got around the 2FA so easy.

I wonder if the scammers occasionally actually do pay out the victims: not only would this convince someone that it genuinely works who then might go and try it out with WAY more money, but this also would disguise victim wallet addresses with any wallets being used to tumble the crypto.

One of my favorite channels got Elon-hacked 3 weeks ago proably 30-50k subs. Their channel is still banned/deleted today. Not sure if they'll ever get it back. Google needs to do something about this ASAP!

Anyone and everyone can get hacked. This insanely toxic mindset of "You're a tech channel, how could you possibly get hacked?!" is seriously getting tiring. Its never been a question of "if", its always been a question of "when". Its like saying "You're a fitness trainer, how could you possibly gain any kind of fat?" or "You're a mechanic, how can your own car break down?!" Get over it. Shit happens.

Password changes should always prompt for password. Weak, Google.

It would be funny if it ends up they got hacked by downloading something from one of those fake Google ads. Linus has a strong opinion against adblockers, and an adblock could've prevented this if that was the case. On the other end, if it really was a fake ad, then Google might finally start cracking down on them, now that they got egg on their face.

their last tweet before ltt channel got hacked fits so well with this situation

I've seen this happen to over a dozen channels just in the past few months. Really turning into an epidemic now.

Ah the classic "double your money" Runescape scam

I Like your BSD idea for future me if my channel gets anywhere good in the future . Appreciate the video to spread awareness to this scam more, I hope the algorithm favours this to be seen by as many people as possible.

great content man. Really like this style of video from you

I love your vids and commentary, brother! Your subtle humor and focus on privacy are great.

Love him or hate him Linus has been dedicated to his work for the better part of two decades. Maybe he makes mistakes, maybe he shills for shitty sponsores, but in the end he provides quality benchmarks, covers most of the new gear and has made computer science and computer building more accessible to a broader audience. This man and his team are the MVPs and the right thing to do is to allow them to recover and not try to stir up shit from the unaired footage.

This same hack has happened to 4 channels I’ve been subscribed to. All of them recovered faster than Linus, including much smaller channels (sub 200k). It’s strange that KZbin has not restored their channel to a previous state.

I actually posted about this on my community page a while back. Caught me off guard that they'd fall for a sponsor scam.

7000 bucks is a lot of money but honestly it’s probably way less than they would get from hacking most other channels this big. Linus’ audience being more tech savvy means more of us would immediately recognize this scam compared to the audience from, say, a vlog channel. Plus quickly getting the redirect flagged.

What I've read about this hack of KZbin creators is that the malware is sometime distributed through a "sponsor proposal", with a infected pdf We don't know if it's the case here though...

I am legitimately blown away by the fact that people fall for the double your money scam. Its the most low effort and obvious scam.

Honestly, this says a lot more about Google/KZbin security then anything. My KZbin account is so old that it was made before Google bought them, and I was pissed when they combined them and required me to use a Google account to sign in.

the idea of an elon musk stream just appearing on your channel one day is hilarious

They were using youtube as a kind of backup. Linus talked about it that it ain't ideal but its nice to have all the videos in one more place

One way to prevent this kind of issue is to setup firewall rules to block all traffic to and from sites other than KZbin on dedicated PCs in the office used to access KZbin

What's actually scary is that Google can essentially decide which site is trustworthy or not in a second, blocking every normal user completely from visiting. Obviously to prevent scam like this it's not a bad thing. But they could block any website like this if they wanted to.

This is just sad to see, really. Because thanks to his input i was able to get my hands on the best gear for my work.

You would think KZbin/Google would’ve implemented some algorithms to detect when a high profile channel suddenly changes its password, 2fa, channel name among other things and starts live streaming. Those are all huge red flags. And should’ve automatically locked the account.

This is honestly entirely KZbins fault. For all channels above a certain subscriber count, maybe 100k, there should be an option to have a manual verification, done by an actual human being at KZbin where they call the number linked to your account (that cannot be changed by you, only by KZbin with identity verification) for every major change made to the channel, such as a video upload, delete, name change, etc. that way it is literally impossible for stuff like this to happen without the number being compromised.

I don't post videos, but if this happened to me I think I'd just quit the internet.

I love that Elon is now synonymous with crypto scams.

I wonder if that was caused by the RCE that Outlook had recently and LMG uses MS Teams, so they probably use Outlook for emails as well

I love how the picture appears every time Linus is mentioned.

I was a victim of that cookie hack yeaaaaars ago before it became popular to do it. Ever since I've gotten a lot more careful about downloading things, especially stuff sent by less tech-savvy friends. You can be the most careful person alive but if only just one of your friends is naive, they're gonna get to you too, through them.

Press F to pay respects for the hard R

Thank you for taking the time to show this... OBSD is the way to go..!!!

They should give everyone with full access to the channels account (probably just a few people) a live Linux USB with encrypted persistent storage. Something exactly like Tails just without Tor. Then only use it for uploading & accessing the Google account. For transferring files from the editors computers use a SD card as it has a smaller attack surface than USB. Maybe even give these computers their own VLAN for good measure.

They qoute tweeted that tweet the main joking about *THIS* being their greatest tech fail.

I'm actually interested in statistics of victims from Linus audience who will eventually fall to this scam, kinda curious if consuming mediocre (in a good way) tech content raise situational awareness Edit: well, 7000$ is a good number

agreed. Google definitely needs to fix the issue of only needing the cookie. It should require the password or the 2FA or potentially a backup email.

I saw this happen live and also got to see some unreleased shit which was cool. Hopefully they get their channel back.

Does Google not tie session tokens to IP addresses? 😕

I'm still pissed that google hasn't fixed the issue where you don't need password and 2fa to change password. To be honest business/creator account should have option to password check even if you edit, add or remove videos.

1:10 Linus has talked in the past about how they use KZbin as a backup in case they use the local video files if necessary. So that is actually likely the case.

Google not requiring a password to change the password shows you just how seriously they take security, which is to say, not seriously at all.

Mental Outlaw, would you ever do a podcast? I could spend hours listening to you talking about hacks and other IT related things.

That thumbnail is amazing

I wonder if having a Security Key for 2FA would prevent this.

Can't even find the channel anymore, wow

Waiting for the Linus tech tips “How we got our KZbin channel taken over”

I'm so old I remember when it was good practice to not accept a password update without some form of authenticating the user requesting the update. And not just an existing session. Yes it's a bit annoying, but far less than getting locked out of a hijacked account.

This happened to me. It finally disappeared after I wiped my hardrive. It's 100% a malware hack. Someone downloaded something.

the fact he was anti linux or mac for so long demands the question why he wasn’t hacked sooner.

You have 400K? Damn congrats bro you deserve it

C'mon we all know kenny's channel was hacked and replaced by deepfake cooking recomendation machine. Finally it's here:

There's an even worse bit about the Google session hack: many sites use Google to login, such as Reddit, Ebay, and many, many others. So if the login info could be gotten, then all those sites may be at risk. Maybe I'm just scared of something that can't happen, but just the thought of that convenience being used against us is very terrifying.

i still cant fathom how anybody can fall for this type of scam

eTeknix was hacked with a live scam and their channel and videos were restored, so it's good to see that "smaller" channels get taken care of