Major PC tech YouTube channel Linus Tech Tips has been hacked and is unavailable at the time of publishing. From the events that have unfolded, it looks like hackers gained access to the YouTube creator dashboard for various LTT channels. After publishing some scam videos and streams, control of the account was regained by the rightful owners, only to fall again to the hackers. Now the channels are all throwing up 404 pages.
Hackers who took over the LTT main channel, as well as associated channels such as Tech Quickie, Tech Linked and perhaps others, were obviously motivated by the opportunity to milk cash from over 15 million subscribers.
Among the spammy videos the hackers quickly started to stream, were promotions for Bitcoin giveaways seemingly backed by the likes of Elon Musk and Tesla. The Bitcoin giveaway scam appeared to be phishing for people to reveal their crypto wallet details, reassured by a big brand like LTT and Tesla. You can see in the images that the channel names and logos were also edited by hackers, changing channels to ‘Tesla’ or ‘LinusTechTipsTemp’.
This story is still developing, and while this is unfortunate for LTT, the fact that the channels are locked down suggests normal service will be resumed in due course. We have heard complaints about YouTube security over recent weeks, with at least one well-known tech channel complaining about potential exploits in the comments section. Even more seriously, the eTeknix channel was hacked a few weeks ago, but has now been fully restored.
Surely some people are very busy in the background at both LTT and YouTube, with channel owner Linus Sebastian tweeting a slightly exasperated statement “Yes I know -_-”.
Yes I know -_-March 23, 2023
More revealing information was released to the LTT Floatplane channel (pay wall), with Sebastian stating that everything is now “locked down,” and that LTT is working with Google’s team to help ensure this kind of hack isn’t going to become more common.
This has been going on for several months and Google hasn't fixed anything.
Prompt: Generate a highly overphotoshopped and misleading technicolor picture with an ugly face, giving an expression that makes an overly positive ad for a forgettable mouse appear to be about the worst disaster in human history
But they would never.
no plan for them have options to require authentication if new ip address is used.
they should require 1-2 forms of it if new ip is logged in before able to publish/change anything.
its basic security 101. you never let a dif ip not need authenticating. (even some games require this and lock down selling/deleteing items/characters.)
It seems like a major annoyance to the user with no actual security benefit.
Not exactly...It's just KISSS now 'Keeping Information Stolen Sales Strong"
Well usually the Gmail account password is the same as to the Google account isn't it? But yeah, by default, Google doesn't ask for anything more than the password and it alerts the user there has been a login from a new device, I guess it's up to the user to decide if they want some kind of 2FA...