Linus Tech Tips reveals how scammers took control of X / Twitter account

Linus Tech Tips had their X/Twitter account hijacked, and they broke it down on the WAN Show – the channel’s podcast.

The hack was a fairly basic email scam. After receiving an alert that their X account was accessed in Russia, Linus raced to lock it down.

However, as Linus points out, he was heavily distracted. It was a pool party, and he had just lit the grill. The page he found looks like an official X or Twitter password reset screen.

All this does is grab your current password by making you fill out the “old password” box. When you reset it to the new one, it doesn’t actually do anything, and now the scammers have your password.

A large part of modern-day hacking is social engineering. In an investigation by cybersecurity expert John Hammond, he found that the site would present a “wrong password”, even if it was correct.

This ensures that the hackers get the right password, as the victim is likely to retype it carefully the second time.

Hammond’s full breakdown is featured in its own video, or a thread on X.

Linus Tech Tips considered abandoning Twitter

The hackers briefly hijacked the X account, which is something Linus himself has been talking about retiring. 

“I don’t really care about the Twitter account,” Linus interjected.

“I have had multiple conversations in the last six months about just not bothering with it anymore.”

Since Elon Musk’s takeover of Twitter, the social media platform has faced criticism from some big creators. For those who have switched away from Musk’s app, some, like Linus Tech Tips, are finding their ground elsewhere:

“We don’t get a ton of engagement there, compared to Instagram, compared to TikTok.”

Linus also revealed that the company’s social media team has been redistributed to work on other areas. An example given is that they’ll get an incredibly low number of “referrals” to the links that they post.

LTT managed to secure the X account again but brought up that modern email apps obscure vital information – like email addresses. By hiding an email in a tiny drop-down menu – like in the Gmail app – it’s quite easy to get fooled by a malicious actor.