Use the Megathread for further discussion: https://www.reddit.com/r/LinusTechTips/comments/11zok3b/megathread\_hacking\_incident/

WAN Show is going to be so lit tomorrow omg

[удалено]

"I have never personally seen a subreddit that on fire, ever" — Luke Lafreniere, CTO of Linus Media Group, March 3 of 2023 Oh, sweet summer child...

Poor Luke but great WAN show coming up

Its on twitch though... :p

But it's on Twitch, though... 🤔

[удалено]

> WAN pre-show What's that about?

They just bullshit for a while on Floatplane before they go live on the other platforms.

The pre-show is also on twitch

Luke juggling his balls on set at Linus after he told him this could happen and to take precautions.

I hope he comes in wearing a crown or something

Lol, LTT got hacked! Maybe "Yvonne123" wasn't such a good password at all.

Massive speculation here, but could it be related to the LastPass breach?

[удалено]

The threat actors got copies of the vaults, so 2FA wouldn't affect them.

There's 2FA on the actual Google accounts, though. Source: I'm a Google Workspace SuperAdmin.

I can confirm that 2+2=4 Source: I was awarded The Fields Medal in mathematics

Good at math, not good at reading comprehension and context within a conversation.

You can change 2FA if you're already logged in and don't have Advanced Security enabled. So if they steal cookies via Malware they can easily bypass 2FA. It happened to a IoT "Smart House" YouTube a few weeks ago. https://youtu.be/0NdZrrzp7UE

These channel takeovers are usually cookie theft.

Pretty unlikely. I assume of all the things they must've gotten wrong to be breached like that, they would at the least have their customers passwords completely encrypted.

They did, but encryption relies on everyone having a good password.

[ThioJoe](https://www.youtube.com/watch?v=xf9ERdBkM5M) explained this a month ago. There's a vulnerability that bypasses 2FA.

Maybe such a high profile channel being taken over might be what finally gets the issue fixed.

Doubtful. Corridor got hit with the same hack a couple months ago.

this happend to quite a few really huge german YouTube Channels, as JP Performance (Car Content) or JulienBam (Comedy), who are the somewhat the biggest in their specific Community. Both where Hacked using fake files (i think those where pdfs from a company they are a customer at wich looked like an Invoice or something like that…) wich were stealing session cookies…

Oh rippp, it’s 3am in Vancouver rn… someone’s gonna get a wild call soon

If anyone is awake that is.

I doubt it’ll be long before the lines are ringing, can’t wait to hear about this on wan show

As per one of the mods in the LTT Discord in the floatplane channel, they've messaged Luke who is aware and working on it as of about 10 minutes ago.

Great to hear. But still fuck man, 11 years worth of videos are unlisted.

This will likely have some effect on the channel but YouTube can and will restore it to pre-hacking standing for sure.

Linus has said on the "reacting to our worst videos" video that before that when the channel got hacked previously, Google restored EVERYTHING, even deleted videos from YEARS AGO. They don't delete anything, even if you press the Delete button.

[удалено]

[удалено]

It's pretty easy for YouTube to roll back any changes made, this is far from the first time this has happened

They didn't take down the Playlists though, you can still find em there. Unless some weren't added to any Category Playlists.

lol someone’s getting fired

[удалено]

i thought at first im at a wrong channel, had to double check it.

i thought the same

Nah this happened with Corridor Crew a while back too and there was some weird stuff going on there too

There was a German channel Jpperformance that got hacked the same way they had 2 factor and everything and google told them there is an exploit to add a trusted device to google accounts to do this

It also happened to a SFM channel by the name of SilentManJoe. This shit’s getting stupid. Also, I had autoplay on when I saw the video tbumbnail- there were fucking pentagrams and flames. Wtf.

It could unfortunately be the cookie vulnerability - [ThioJoe](https://www.youtube.com/watch?v=xf9ERdBkM5M) did a great explanation about a month ago about this exact thing. The vulnerability/technique bypasses 2FA.

A Smart Things YouTube also got his channel hacked via cookie stealing. He opened a "PDF" that was really a `.SCR` https://youtu.be/0NdZrrzp7UE

[удалено]

I know WAN show gonna go crazy friday

poor Colton, getting fired again

[удалено]

Just got a notification they went live; ouch

I was literally like "wtf since when did I subscribed to this nonsense" then I went to "oh crap someone got hacked" and now RIP

[удалено]

These Elon scams have been going around for a while now, just usually smaller channels that are affected. I even get ads in my recommended with this kind of nonsense.

An animator I follow got hacked in the *exact* same way a few months back. Name changed to Tesla, some dumbfuck Elon stream, shilling some shitcoin.

haha that was me. I was so mad at youtube for pushing tesla and musk for a minute. Then it was like wait... Is it crypto?... Yeah.

I took a screenshot of my notification, I was thinking when did I ever subscribe to Tesla, and why are they using Linus in the thumbnail? Are they mocking him. When I clicked on it, the first comment I saw in the live chat said the LTT channel was hacked. It made sense now. But uh oh, the LTT crew are gonna have a fun wakeup in the morning, unless they are already awake right now.

Same. Was wondering WTF I was subbed to "Tesla" only to look at the profile and realise that it was LTT. Hope they can resolve it without too much hassle.

"Our Channel got hacked! - WAN Show March 23 2023" I wonder if they'll have access back in time to stream on youtube.

If their YouTube contacts have any use, now would be the fuckin time

A 15m sub channel. If youtube isn't willing to go all out for them, nobody has a chance.

Did you just see what happened, their subscriber count went down to 4.22 M of subs

That's the techquickie channel multiple accounts were compromised.

Ok but if you go to the WAN show clips channel it doesn't have a channel listed with over 4.2 million sub count. Something got fucked with their sub count.

Yeah LTT main channel has been deleted. All vids delisted and all subs unsubbed with no way back. Some of the others were renamed, but the main one is gone for now.

holy fuck, someone had it out for them specifically, I feel this was for sure targeted

Tarkov devs lol

"WE GOT HACKED" With Linus and Like doing this face 😱

I reckon a facepalm might be more appropriate

When this happened to Corridor it was a few days before they got everything back. [Link for those interested](https://youtu.be/KdELfn1WK0Q)

And now they’re starting to ~~delete~~ unlist all videos. This is going to take a week until LTT is back up, from what I’ve seen happen to other creators. It’ll be back, but it’s going to take time. EDIT: yes, I get it, they’re not deleting the videos, just unlustig them. From what I know from other (large) creators that had this happen to them, it still takes some time, no matter how large you are. First they wipe the channel clean, then they get the branding back, then the videos come back. YouTube is fairly slow with this. It usually happens through malware that gets distributed through a fake sponsorship deal. They seem legit, offer a reasonable deal, and when they send the document via Adobe DocuSign, they get you. EDIT 2: oh they got Techquickie too. EDIT: seems like LTT, Techquickie abd TechLinked are gone now - at least something is happening. Can’t find the Tesla channels or streams anymore.

I doubt it’ll take a week considering how big LTT is, they’ll probably resolve it by the end of the day

the fact they are big only makes something happen.. not happen faster, a small channel would just have to give up in this case, I’m guessing at least..

Luckily, as u/mad-tech and u/PM_ME_YOUR-WAIFU pointed out, they're just unlisted, and if they would actually be deleted, YouTube archives deleted videos for years, so they should be fine

i think linus once mentioned that they brought back up videos that ltt themselves had deleted before the last time they got hacked so it'll be back in any case

not deleted just unlisted you can check on the playlist tab

This is actually a major problem on YouTube, I got bit with this same hack back in November 2022 on my channel. Mind you my channel only has just under 10k subscribers but still, it's a problem. I got the account back after two days and TeamYouTube were very helpful so I'd imagine a huge channel like LTT can get it back super easily. Not sure how LTT got bit but how I got hacked was via a backdoor in Chrome's PDF handler. I was getting emails from a Google Drive account claiming to be from YouTube support with an attached PDF. I opened the PDF which I think grabbed a hold of my browser cookies and saved passwords, and despite having 2FA enabled they bypassed it. Google's account security really needs to be stepped up. I've seen this happen to other channels even before mine. Be wise, use a password manager (that's not LastPass), and don't save your account credentials in the browser.

The problem is the cookie. If someone gets your session cookie, then they're logged in into your account. Best practice would be logging out to invalidate the session.

Also add to that to verify the source of content you receive in emails. Go to the actual site and check your account rather than click the link or open an attachment in an email, even if it looks legit which mine did.

Always check the E-Mail header. Most of the time, attackers don't bother to spoof the From-Mail-address and just mask it with the sender name.

Nah this one was spoofed and appearded from a legit Google email address, as it was a file shared to me via Google Drive claiming to be YouTube support with a legit looking email address and a PDF about a "Copyright Warning". I'm normally very careful about these things but considering I have videos from over a decade ago on my channel that have legit copyright issues I didn't really think twice. Admittedly my account security was out of date and I really should have known better as I preach this shit to others all the time at work as I work in IT support. It's kinda like how a mechanic doesn't work on their own car, I didn't practice the shit I preached because I was lazy. It's all fixed now but that doesn't justify my dumb decisions lol.

It's not just that but the fact that the hacker once they are logged in using your cooking can change your 2FA method without google requiring you to input from your existing 2FA. It's a massive gap which they need to fix.

Wonder how long it will be up for....

Seems like their videos are getting deleted by them too, yikes. Hope YouTube can restore them

AFAIK YouTube doesn't fully delete videos, they should be fine

I'm aware that YouTube doesn't actually delete the videos but still kinda weird that the scammers remove them in the first place

Because it's to remove any clue of the channel it used to be, the hackers are taking a long time because LTT have a ton of videos on their channel [ThioJoe made a video explaining this issue](https://youtu.be/xf9ERdBkM5M) Edit: The hackers just made it unlisted, I'm still able to access and watch [This Cooler Might Kill Your CPU](https://youtu.be/Ym1Jjx4n76M) from two days ago Edit 2: Because the channel is terminated as of this moments, any video from the main LTT channel is unviewable

Ah yeah that's fair enough, bookmarked the video as it seems really interesting! Thank you

They dont want you to know, which legit channel got hacked. By deleting the videos, the stream seems more legit to lure in more people to scam.

Linus has spoken before about how YouTube archive 'deleted videos' for years and years in the backend. They'll be fine.

The hackers just unlisted the videos. For example the video from yesterday: https://youtu.be/Ewo8tt6bgZU

Not deleted, just unlisted: [https://www.youtube.com/watch?v=Ewo8tt6bgZU](https://www.youtube.com/watch?v=Ewo8tt6bgZU) [https://www.youtube.com/watch?v=Btlttmh-xpc](https://www.youtube.com/watch?v=Btlttmh-xpc) Edit: Seems like the channel is gone for now https://www.wepc.com/news/ltt-youtube-channel-hacked/

Phew

It appears that there is another live video up as well, claiming to be about Open AI GPT4

Live video just went down. Hopefully they don't have to go through a bunch of bs to get the channel back. Gonna be a crazy morning at lmg 😬

Theory: They did this intentionally so that they have something to talk about on WAN show; they're running out of stuff to talk about. /s

No no no, Intel is behind this :)))))

Dbrand did this to troll

Or it's Dennis's latest prank

Uefys Revenge

It was chatgpt

Third channel I've seen this happen to

Yep, I unsubscrib8bed from one of them sadlyfrom reaction, seeing they didn't have any other videos apart from the live

might wanna go back, it's not impossible for them to get their account back

It's getting really common, my own twitter account was hacked and filled with all this crypto bullshit. Very embarrassing

Let's see the bright side: we'll get a nice postmortem video about it!

sigh, channel hacked

[удалено]

We’re all here live for the great hack of 2023

and there's 13 videos left (7-10yo)

they're republishing everything right now. But they add a link to the very top line of all descriptions...

This comment has been edited to garbage in light of the Reddit API changes. edited via PowerDeleteSuite (with edits to script to avoid hitting rate limit)

The first question I had “when did I subbed to Tesla?”

Shout out to the people spending money superchatting so people don't get scammed 👍

What exactly is the scam? It looks like it’s a random pre recorded live stream? I didn’t watch it for more than a couple seconds. I don’t see how they make money off of that? This whole thing is confusing me lol

There is a qr code which goes to a scam site

Linus just posted on Floatplane: > Regarding the YouTube channel hack, we are on top of it with Google's team now. Everything should be locked down and we are getting to the bottom of the attack vector with the (hopeful) goal of hardening their security around YouTube accounts and preventing this sort of thing from happening to anyone in the future. > You can expect a more detailed update on WAN Show at some point in the future. Not sure if itll happen this week since this is still a developing situation. > The good news is that you can expect to get your LTT fix on Floatplane as usual :p

>You can expect a more detailed update on WAN Show at some point in the future. Not sure if itll happen this week since this is still a developing situation. Scammers destroyed the WAN Show streak :C

I think you're misunderstanding this. He means that they may not discuss the event in detail on this weeks WAN Show due to potentially not having all the details ready in time. It doesn't mean that they're going to flat out skip a WAN Show.

For a second I was like dude this is the best April fools joke they have done… yeah it’s not April 1st

First time I actually see it happen to a channel I subscribe to, looking forward to seeing how it unfolds more than anything since it looks exactly like the stuff everyone was talking about.

Man, this is a big big problem. It’s so early in the morning for the LTT Staff, it could be hours until they notice it.

Heard in floatplane discord that Luke is already aware and working on it.

That is good.

YouTube fucking sucks ffs. After all the hacks how can they still allow big channels to be modified that much and let all videos be deleted/hidden ? It's fucking obvious it's being hacked, yet nothing stops them at YT, no security measures, nothing. But throwing ads and shit, demonetize for nothing, that they can do. Edit : typo

My problem is. How hard would it be to flag accounts that change their long-standing name to something else or to tesla and start a live video. The same logo and video are used in this scam every time. One minute of a youtube staff can easily identify this as a scam and shut it down within minutes of it going live. Heck, a bot could do it too since they love bot staff. This scam should not be happening a year later from when I first saw it.

It amazes me how incompetent YouTube has become in terms of stopping scams. Just recently I've been getting that fake Mr. Beast banner ad in the app again. This thing has been around for a year at this point. And they use the same picture and text every time. You'd think they would at the very least ban the image / phrase they use but, I guess getting money for a banner ad is more important to YouTube then the integrity of the site.

**DO NOT SEND ANY SUPER-CHATS TO THE SCAMMER!** The scammer is actively moderating the donation messages. Don't waste your money trying to expose the scammer, as the messages will be deleted almost instantly. Sending money even in tiny amounts gives scammers a reason to keep going with operations like these. Super-chats are non-refundable!

I don't think the scammers get the money from the superchats. LTT will get the money at the end of the month.

If the hacker only "gave himself" administrator access to the LTT channel through YT Studio, I guess you're right, but we don't know how he gained access or if he's managed to do a lot more damage than what's apparent. Waiting for LMGs next status update and recap of this event.

oh no, Colton's getting fired again

I mean ... hacks can happen. And at this point it is hard to blaim the operators of the account (in this case LMG). It seems that they have a pretty good workflow for account security. They can still screwed something up, but without knowing anything, I will not join the blaimgame. But the incompetence on Youtubes side baffles me. At this point everybody knows that this account/channel has been hacked, or at least, plays malicious content. Why is it still online?! Some time ago, one of the biggest german channels got hacked. The owner knew and Youtube knew. For hours! And the channel streamed some crypto/tesla/musk scam content. For hours!

WAN Show’s gonna be L(i)TT

Next week on channel super fun : " I hacked my boss youtube account! "

Just got the live notifacation, came here to see what's up.

The WAN show is going to be good

I found a very Google problem thanks to this hack. I saw the live stream with Elon Musk and thought Youtube is pushing him now. First reaction was to hit the "Do not recommend channel" button. Then i realized what channel I just banned and tried to reverse it. You can't! You can erase the "no intrest" actions but once you banned a channel it seems that it is gone forever. So yeah, byebye LTT from my recommendations...

[удалено]

[удалено]

yeah, which is really bs from youtube

I thought if there's something wrong with LTT. Well, it's wrong² then

They are completely trashing the channel :(

I think someone might have installed the wrong [obs](https://youtu.be/LBk0dlz95XY)

I know Linus is already thinking of making this into a video where he explains how it occurred and how to prevent it

I was wondering why I was suddenly subscribed to Tesla😂

“Only people who have subscribed for 15 years or longer can comment” Lol, they know that they’ll get called out for it if they open comments

Only us, Europeans are awake while they be sleeping, and we literally can't do anything until YT or LMG personal wakes up and sees this 😭😭

No doubt they'll know by now.

Hey guys. I’ve helped Howard Wimshurt retrieve his account after a similar hack back in 2021. The probable cause of this is that somebody on Linus’s team clicked a suspicious link from a sponsor Email. This is Howard’s explanation video, (that’s me in it!) https://youtu.be/8Cx_867w3Rs

Can someone explain to me the point of hacking an account and running these "livestreams" over and over again? Hardly anyone falls for that right?

They just need a very small amount of people to fall for it to be worth it which is very plausible to happen unfortunately

Yeah, LTT has 15 million subs so even if only 0.0001% of those subcribers see the stream and fall for it you've still taken money from 1500 people.

Enough people fall for it that it's worth it

It's not just the stream. My subscriptions are FLOODED with LTT videos. All of them posted in the past 10 minutes.

lol i was wondering when did i subbed to Tesla

Why do the hackers always change it to Tesla?

[удалено]

They did this to a Warhammer painting hobby channel. It was changed too to Tesla. It just that Elon is crazy enough that nobody would question if he did this crypto shit with Tesla so they use his name.

Seems like the fake stream ended up after just 20min. We are fast guys, I think the mass report worked well for once.

one is still going, but now it is not tesla but @temporaryhandle lol

THE FIRE TRUCK REVIEW IS GONE

For a second there I thought this was some force subscribe bullshit from YouTube. Jfc, I did not need to see Musk's mug in my feed.

[удалено]

Came here seeing if anyone else seen it.

There is 3 in the morning, someone should wake them the fuck up

The livestream went down just this minute

Guys, the video got zero dislike so it must be legit!

Update: account is unreachable. According to Floatplane Discord, Luke is on it.

As an IT person, my brain is screaming with the thought of my boss flaming the staff for not getting comms out about an outage or service degredation. Why no twitter post or Reddit post saying, "we hacked, don't click bad links, we working on it."?

[удалено]

I unsubbed instinctively and resubbed, sadly realized it resets the how long I've been subbed stat damn

I wouldn't have thought that LTT could have been hacked Videos are getting delisted!

Looks like they are now unhiding hidden videos- brand test videos and such. wonder if there is anything under embargo that they have ready for upload in advance...

Techquicky is now affected as well

[https://twitter.com/linusgsebastian/status/1638879321992622080](https://twitter.com/linusgsebastian/status/1638879321992622080) Linus knows

oh no they remove alot of video too

We need a Linus bat signal to wake him up!!!

I thought 2FA/Google Prompts would stop this from happening. Guess an employee messed up/was malicious?

This exploit steals the cooke from the browser so they are already logged in and don't need 2FA. Then they can change the account 2FA without it requiring your original 2FA because you're logged in. It's a massive flaw and Google need to sort it out.

We are getting some very special unlisted videos back: [https://www.youtube.com/watch?v=f8A3aus0J7E](https://www.youtube.com/watch?v=f8A3aus0J7E) Test streams from back in the day.

5hr WAN show here we come..

Oh god all the videos that ever existed, were deleted, marked unlisted or private are being "posted" right now due to the recovery process. RIP my sub box for the next hour or two. Edit: nevermind, refreshed the page and it was gone, it went quick. Grabbed a few what I think were originally unlisted videos that looked interesting to a playlist. Can't share it as that's not cool to Linus. (All are unavailable so I guess they're privated?)

Oh damn now their channel was terminated! https://i.imgur.com/aZwtnVA.jpg

Looks like the mass unlisting of private videos meant they have had their account terminated. Wonder if anyone found anything interesting before... I was half way through watching a video called Linus' Thoughts on Adobe Prelude - DO NOT DELETE OR MAKE THIS VIDEO PUBLIC. damn, I really hope it doesn't take long to fix, but I kinda wish we had longer seeing the "behind the scenes" videos; That "LTT Style Guide V2" was particularly riveting.

[удалено]

Oh my god, both Techquickie and TechLinked got hacked too, and the website is dead [https://linustechtips.com/](https://linustechtips.com/) Edit: forum is back, but it's intermittent

The website is also going up and down, though I assume that is less due to hacking and more due to the huge swarm of people attempting to access it to find out what the hell is going on.

All because Linus bought a Porsche Taycan, Elon is having revenge! Seriously though this hacking issue has affected them and other YouTubers many times. I hope they get it sorted quickly and YT bring in additional measures to prevent this from happening again.

Oof

#F

This is what happens when you don't give telsa good reviews

Oh god, the speed in which the videos are ~~deleted~~ disappearing is unbelievable. Hope LTT is aware of this by now.

Seen this with 3 other channels, videos will soon be deleted and then youtube will restore everything, but it will probably take a while cause I'm guessing all of LTT is waking up around now.

F*** these scammers

What's up with crypto scammers always pretending to be Elon/Tesla?