Linus Tech Tips explains how YouTube channel got hacked for crypto scam streams
YouTube star Linus ‘Linus Tech Tips’ Sebastian has explained how his YouTube channels managed to get hacked and deleted, without the hackers going after his passwords.
On March 23, fans of Linus Tech Tips – the biggest channel out there for PC content – were shocked to find that three channels’ worth of content had disappeared and been replaced by cryptocurrency scam streams.
These types of attacks aren’t new, and have constantly cropped up on YouTube and Twitch, but it was shocking that Linus – whose content is all about knowing the ins and outs of tech – had fallen victim to it.
Well, after firefighting things and managing to wrestle back control of his channels, the YouTuber has revealed what happened, including the fact he had to get out of bed in the early hours to get things sorted out.
Linus Tech Tips explains how his YouTube channel got hacked
The Canadian tech supremo revealed that the attackers didn’t target a password directly to get into the account. Instead, they went after a whole browser profile, which made the attack even more difficult to combat.
“Someone on our team downloaded what appeared to be a sponsorship offer from a potential partner. It was an innocent enough mistake for the most part. The email came from a legitimate-looking source and it didn’t raise any immediate red flags,” Linus said, noting that the ‘PDF’ that was downloaded didn’t launch as it should have and was thus ignored.
“What happened in the background took about 30 seconds. The malware accessed all user data from both of their installed browsers, Chrome and Edge, including everything from locally saved passwords, cookies, and browser preferences. Giving them effectively an exact copy of those browsers on the target machine that they could export, including, that’s right, session tokens for every logged-in website.”
He noted that the hack could have been “easily avoided” if the team had better processes in place and that it took longer than it should have to fix things because of how roles are dished out for his channels.
“The bottom line is, our disaster response processes need to improve because I realized at three whatever in the morning, that I didn’t know how to reset the passwords and the access controls across these channels,” he added, before urging Google to improve communication and security options around these issues.
Things are back to the way they should be across the three compromised channels, so expect the usual videos soon.