Linus reveals the cause of Linus Media Group’s YouTube hacks

Linus Media Group’s YouTube channels were hacked through a fake sponsorship email

Following yesterday’s hack, Linus Media Group has officially regained control of their YouTube channels, including Tech Linked, Tech Quickie, and Linus Tech Tips, all of which were seized by hackers in the early hours of yesterday morning.
 
Following the hacking of these channels, attackers had quickly changed the name of these channels to Tesla, or something similar, and used them to stream podcast-style videos promoting AI and cryptocurrencies using footage of Elon Musk. Within the stream chats of these videos, the hackers pointed viewers towards a website where they planned to use a fake crypto giveaway to scam people.
 
These types of hacks are all too common on YouTube, with most of these scams using the concept of a crypto giveaway to entice victims into sending money to scammers. The scammers claim that users will be sent more money in return than they send to the scammers, a promise that is not kept. Our advice is to avoid any kind of crypto giveaway, and to keep an eye open for scammers on YouTube.
 
Linus Sebastian, the owner and operator of Linus Media Group (LMG), has confirmed that their hack originated from a fake sponsorship email which contained malware. This malware stole the cookies from an LMG employee, and hackers used them to take control of several Linus Media Group YouTube channels.
 
This type of attack is incredibly common on YouTube
 
Linus Media Group is not the only company that has been affected by this kind of YouTube account theft, and this kind of attack is extremely common. Given how this hack uses stolen cookies, it is likely that Google and YouTube could easily strengthen their security mechanisms to prevent such attacks. This hack did not require compromised passwords and bypassed the protections of two-factor authentication, despite the fact that hackers were using stolen authentication cookies from the other side of the world. 
 
One easy way for YouTube to help avoid this kind of security issue is to make their authentication cookies region or IP locked, preventing them from being used by hackers outside of the victim’s global region. Additionally, YouTube should prompt for re-authentication when channel name changes and mass video changes or deletions are requested. These changes would prevent this kind of hack from doing major damage to YouTubers and their channels.
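As an added illustration of the two mitigations proposed above (this is not YouTube's or Google's code, and not from the original article), the sketch below binds a signed session cookie to the region seen at login and requires a recent login for sensitive actions. The action names, the five-minute window, the key and the sample user are all assumptions made for the example.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # constructed value; a real service uses a managed secret
STEP_UP_WINDOW = 300               # assumed: seconds a fresh login stays valid for sensitive actions
SENSITIVE = {"rename_channel", "bulk_edit_videos", "bulk_delete_videos"}  # hypothetical action names


def _sign(payload: str) -> str:
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_session(user: str, region: str, now: float) -> dict:
    """Issue a cookie whose signed payload records the region seen at login."""
    payload = f"{user}|{region}|{int(now)}"
    return {"cookie": f"{payload}|{_sign(payload)}", "last_reauth": now}


def authorize(session: dict, action: str, request_region: str, now: float) -> str:
    """Decide whether a request carrying this cookie may perform `action`."""
    parts = session["cookie"].split("|")
    if len(parts) != 4:
        return "deny:malformed"
    user, region, issued, tag = parts
    if not hmac.compare_digest(tag, _sign(f"{user}|{region}|{issued}")):
        return "deny:tampered"
    # Region lock: the cookie alone is not enough away from the login region.
    if request_region != region:
        return "reauth:region_mismatch"
    # Step-up check, applied independently of the region check: sensitive
    # actions need a recent password + second-factor login, not just a cookie.
    if action in SENSITIVE and now - session["last_reauth"] > STEP_UP_WINDOW:
        return "reauth:sensitive_action"
    return "allow"


if __name__ == "__main__":
    t0 = time.time()
    s = issue_session("editor@example.test", "CA", t0)      # constructed sample user
    print(authorize(s, "view_analytics", "CA", t0 + 60))    # normal use
    print(authorize(s, "view_analytics", "XX", t0 + 60))    # cookie presented from another region
    print(authorize(s, "rename_channel", "CA", t0 + 3600))  # stale login, sensitive action
```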
 
In the video below, Linus Sebastian explains how their channels were hacked yesterday and what YouTube can do to prevent this from happening again.

YouTube and Google need to harden their security against these hacks

Given how long this type of account theft has been a problem on YouTube, the company has gained a reputation amongst victims as an organisation that does not take this kind of security breach seriously. This has to change. YouTube has the ability to make this kind of account breach impossible by tightening their existing security mechanisms.

YouTubers have a limited ability to prevent this type of account takeover, as this kind of breach does not require compromised passwords or any other kind of traditional data breach. All a YouTuber or a member of their staff needs to do is open a fraudulent attachment from a fake sponsorship email, and hackers have the ability to take over their YouTube channels. While this kind of hack can be avoided by teaching YouTubers and their staff how to spot these kinds of attachments, YouTube can stop these hacks entirely by blocking this attack vector.

We hope that YouTube can respond to yesterday’s attack by updating their security mechanisms accordingly.

You can join the discussion on Linus Media Group regaining control of their YouTube channels on the OC3D Forums.