Share this @internewscast.com
YouTube channel Linus Tech Tips and two other Linus Media Group YouTube channels have been restored after a major hack allowed a bad actor to do things like livestream crypto scam videos, change channel names, and even delete videos. In a new video, owner Linus Sebastian explains that the breach bypassed things like password and two-factor protections because the bad actor targeted the session tokens that keep you logged in to websites.
According to Sebastian, someone on the Linus Media Group’s team downloaded “what appeared to be a sponsorship offer from a potential partner” and launched the included PDF with the terms of that offer. But Sebastian says this offer actually included malware that accessed “all user data from both their installed browsers” — including session tokens — which effectively gave the bad actor “an exact copy” of the browsers that they could export and use to wreak havoc without needing to enter security credentials.
Linus Tech Tips, TechLinked, and Techquickie are all back, but Sebastian has some suggestions for YouTube to prevent future breaches of a similar nature. For example, he’d like to see greater security options for certain channel attributes (according to Sebastian, you can change the name of a channel without having to enter a password or use two-factor authentication) and some kind of confirmation or verification request if somebody tries to mass delete videos.
These sorts of YouTube channel takeovers have become increasingly common as of late, and changes like Sebastian’s recommendations would hopefully prevent them from happening in the future. YouTube didn’t immediately respond to a request for comment.
I do recommend watching Sebastian’s full video explanation, which includes more details about what went down. But be warned: the video includes some security footage of a naked (though blurred) Sebastian in his house as he works to figure out what’s going on.