How YouTubers Are Getting Hacked

Подписаться 3,1 млн

Просмотров 285 тыс.

50% 1

Protect your browsing with Guardio, plus get a 50% discount with a free 7 day free trial ⇨ guard.io/thiojoe (Sponsored)
• Article about StreamJacking: labs.guard.io/streamjacking-h...
• Article about MasquerAds: labs.guard.io/masquerads-goog...
▼ Time Stamps: ▼
0:00 - Intro
0:32 - The Scam Streams
3:32 - A Good Thing Indeed
5:27 - Speaking Of Google & RU-vid
7:23 - The Malware
8:58 - Fake Sponsorships
9:55 - Scams I've Seen
11:09 - Fake Download Sites
12:26 - Some Tips
14:12 - Final Rant
The prevalence of RU-vidrs getting hacked is on the rise, leading to channels being hijacked and taken over, leading to fraudulent streams that present scams such as fake cryptocurrency giveaways. Several channels with millions of subscribers have been compromised. Hackers change the channel's name, profile picture, and even the @handle, which changes the channel URL. The hackers use a type of attack called session hijacking or cookie stealing, which means that they can totally bypass 2FA, then lock the RU-vidr out of their account and even change their password and remove their 2FA methods. Though the malware responsible for this has various tricks to avoid detection and can affect anyone. The malware gets to the victims through fake sponsorships or emails that include malicious payloads.
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
Merch ⇨ teespring.com/stores/thiojoe
⇨ / thiojoe
⇨ / thiojoe
⇨ / thiojoetv
My Gear & Equipment ⇨ kit.co/ThioJoe
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬

Наука

Опубликовано:

1 июл 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 1,2 тыс.

@ThioJoe Год назад

⚠️Here is another video I made about how to DESTROY the scam domains these hackers link to 😤😤😤: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-0fIUiv9-UFk.html

@JohnDoe-lm6or Год назад

I think RU-vid just got hacked in my subscriber feed there is “Tesla” which I have not subscribed to and it’s a live stream with Elon talking about bitcoin. No one can chat either since you have to have been a subscriber for 15 + years. I should say that it’s just that channel itself and not RU-vid

@nerd2544 Год назад

a few hours too late man they got linus already 😭😭😭😭

@NicknamesAreBetterThanHandles Год назад

@@nerd2544 beat me to it

@JohnDoe-lm6or Год назад

@@nerd2544 oh I see now rip LTT

@pcislocked Год назад

you saw that uptick in traffic eh? lol

@thinthle Год назад

Hopefully now that it's happening to massive channels like LTT RU-vid will be forced to pay more attention :/

@itskdog Год назад

Linus has said on Floatplane that they're working directly with RU-vid to find out how to stop this for good.

@thinthle Год назад

@@itskdog Hope they listen. It wouldn't surprise me if a lot more people are gonna use remote acces keys in the near future to minimize these kind of risks. Or at least prove to google the account was theirs to begin with if they get infiltrated on an active logged in session.

@dannydanny9875 Год назад

Linus has a great Team. He'll find a way to fix everything.

@benpiano800 Год назад

Yeah I think LTT is the biggest channel it's happened to so far

@garfieldandfriends1 Год назад

I feel that ThioJoe actually provide tech tips that is more important than LTT tbh

@MicrosoftGuy Год назад

Every time I turn on my Smart TV and open RU-vid the homepage is invaded by these videos... I believe that RU-vid and browsers needs to take more advanced security measures!

@K-Zone Год назад

Nah that's bc you watch them, but yes, they do need to take it more seriously

@nflisrigged1395 Год назад

They don't care about us . Stop supporting RU-vid

@palomarjack4395 Год назад

They have no intention to stop it. Why should they, they get money when those play.

@_Meexy Год назад

@@nflisrigged1395then y u use this platform

@dplj4428 Год назад

ThioJoe, RU-vid videos can be downloaded. Can that downloading drop a virus? I finally did RU-vid subscription because of ads.

@NerdLFG Год назад

Looks like this exact thing just happened to LinusTechTips. And yea, the powerless feeling as a person who cares about a channel is strong. We have to sit back and watch the hacker delist/delete videos and post their scam live stream while we can do nothing. I can't imagine what it would be like to be the channel owner right now.

@Nomi-D-Yagami Год назад

Yes but it's finally recoverd

@laurapeterson146 Год назад

Yes. Like, how can we small channel owners even contact Google support once we got hacked (there is no way to quickly contact them because Google Studio support is, well, inside RU-vid Studio). And where / what is the form / method to recover our account? I think someone mentioned there is a Google form somewhere to input to, but where is that - not sure.

@Gamer8585 Год назад

I remember a time when being internet smart boiled down to don't run any .exe or script files from unknown or sketchy sources. Good times. Now it's that plus relying on multibillion dollar international companies to NOT be completely incompetent in their core business domain. Seriously? No reauthentication for changing passwords or 2FA settings and no internal process for employees to verify and report hacking and abuse? This is pretty basic stuff that I can't imagine would have significant (if any) costs.

@sorbetkidyoutube Год назад

I legit once got a virus trying to download cheat codes for a GameBoy Color game. I know it sounds stupid, but believe me, IT HAPPENED.

@isaacbejjani5116 Год назад

That still is the best way to avoid getting hacked. Google should fix the 2FA bypass, but every hack of this style still starts by running an executable from a sketchy site.

@greatveemon2 Год назад

@@isaacbejjani5116 i think the hackers are using your own devices to bypass the 2FA without you knowing it. I keep getting a 2FA on every new devices that I'm trying to login.

@RunicSigils Год назад

@@greatveemon2 all they are taking is the session cookie. There's no way to clone your device in the way you've made up in your head. The correct response here to make sure this can't happen is to require a non-text (SIM cards can be cloned - text messages absolutely should not be used for 2FA), non-gmail email (Google session cookies would mean they should have access to that as well) 2FA to change security settings if you have changed IP addresses. In other words require one from an account, software, or hardware that those people should not have access to. I have seen some people (who should absolutely know better) stupidly suggest that they should require a 2FA every time you change IPs but that would just make things like VPNs annoying. The vast majority of people are not going to be constantly changing their security settings though (and anyone who is has issues that this will probably help) so requiring it every time for that is fine. SIM cloning and Gmail access are almost certainly what's going wrong here. So if they just require a 2FA that isn't those, 100% of the time you attempt to change security settings when your IP has changed since you last accessed it, there's no reason to suspect that they would be able to do more than minor damage to the accounts they gain access to.

@transmitterguy478 Год назад

RU-vid doesn't care they are making too much money.

@MacTX Год назад

Sounds like Google could easily deal a crippling blow to the hackers just by requiring reauthentication for the password change request, but they don't/won't.

@KevinBenecke Год назад

Sometimes one has to wonder just how much the hackers are paying Google to look the other way.

@robloxaalexx Год назад

It's because they steal the password too. They steal everything you saved on your browser and most people save the password on their browser to not retype it.

@MacTX Год назад

@@robloxaalexx This RU-vid hack/attack steals something much more valuable, your browser's session security token. This isn't the early 2000's where all you needed was to steal someone's username and password. We have 2FA now, a firewalled 2nd generated code that you get via SMS or through an authenticator app if you want to make major account changes, like changing account ownership. Stealing password wouldn't do anything with 2FA as you still would need the 2nd factor. That's the entire point of 2FA, it's also why the SIM swap exploit started happening to high priority targets/individuals, far easier to social engineer someone at the cellphone provider than to break 2FA. And also why authenticator app 2FA has replaced SMS 2FA for a lot of people, it stops the SIM swap exploit. With 2FA in play, even if they had access to the channel, they couldn't change account ownership unless they had the 2nd factor. This attack is more an exploit of Google's protocols. For whatever reason, Google doesn't force a 2FA reauthentication for an account ownership change allowing the hackers to completely bypass 2FA. This attack is dangerous because it bypasses 2FA, not because it breaks it.

@KevinBenecke Год назад

@@robloxaalexx A lot of times saving the password also keeps you signed in so when you return to the website, it goes right in unless you log out. Amazon does this. It doesn't sign you out unless you sign yourself out. Even the app on the phone does this.

@davidcobra1735 Год назад

They do ask you to re-enter the account password. What are you talking about? The hackers steal all the data in your internet browsers, including all of your saved passwords. It's why I don't save my passwords in the browser anymore. They got me with a pishing scam a couple of years ago but Google sent me a notification that a new device logged into my account and I immediately locked down the whole account seconds later and I changed the password. They did manage to sync all of my mails and browsing history and all that. Google's actually much better than other websites/services when it comes to this kind of thing.

@Dtr146 Год назад

The real messed up part. Some of these people who hijack channels will outright delete videos on a channel. Unless their channel is important enough to be backed up or they have a backup of them. Those videos are gone forever.

@shadowcomputing Год назад

This is exactly why I archive all my videos on my local PC and usb hdd.

@ghost-user559 Год назад

They actually almost never do that. If they do, the views and therefore the ability to get the algorithm to recommend the channel are directly connected to the videos. So by RU-vid connecting a channels view time and ad sense to the video itself, if they delete the videos, then they effectively just got a useless channel. The strategy now is to private everything on the channel for that reason. Which is a good thing, because it means when people get their channels back they get everything back how they left it.

@leonro Год назад

That is actually not the case, although they rarely delete videos for the reasons mentioned in the comment above. RU-vid doesn't delete the videos from their servers, even if you delete them from youtube. I remember that they had tools with which you could get your videos, deleted or not, in the original upload quality. I'm not sure if they're still available, but they will definitely not delete video files from their servers for a good while because of reasons such as these hacks, and they can be restored after the dust settles down.

@CsabaTothMr Год назад

YT should be able to recover them IMHO, but that might not be the reality.

@xWood4000 Год назад

@@leonro I don't remember the source anymore but I believe someone said that the videos are actually deleted from atleast some CDNs

@HapYTMC 11 месяцев назад

This has happened where me and my friend looked up a streaming software and I luckily realised it was fake because it was an ad from Google. Google really needs to stop this

@AtomicShrimp Год назад

Thanks for the warning. Yeah, I am getting a ton of the fake sponsorship emails at the moment

@bookedsam Год назад

@nightwingnl5354 Год назад

In the short 2 months of this year I've already seen like 5 channels I'm subscribed to get hacked

@notspm9157 Год назад

What needs to happen at RU-vid to prevent this 1) Channel Name Change requiring another confirmation by 2FA 2) Name change for the account blocks live streaming for 1 day 3) If the changed name involves Tesla SpaceX MrBeast hold the account until someone can look at it

@Szklana147 Год назад

Google have to prevent changing password without 2FA/U2F authentication. It is a standard procedure on bank sites. Why that basic "feature" cannot be implemented in other services?

@mixer0014 Год назад

@@Szklana147What makes it even funnier is that most lower budget and importance websites like online games and forums have that feature in place.

@773Spair Год назад

I would have 2) be a 1-week wait or so: 1 day isn't long for the scammers to wait, and I doubt many real account holders would be significantly hurt by having to wait a week.

@Airton2 Год назад

@@andymerrett it's both

@greatveemon2 Год назад

What if you lost your phone and you're still logged in? and when you want to change the number and password into your newly replaced phone but the problem is the 2FA is still sending the code to the phone that you have lost? And now suddenly google logged you out and locked your account after failing to enter the 2FA code.

@fazekasroland2968 Год назад

These tesla live hijacks have gotten really common. I am subscribed to a ton of channels old and new. These last couple of years every 3 months or so I see one of these tesla live streams in my subscibtion box. I can usually figure out whose channel it is from either the about section or the community posts, they don't tend to wipe those. You mentioned that these streams can potentially be up for hours before they are dealt with, but actually I've seen some online for days. Even with channels upwards of 500k subs.

@Twinklethefox9022 Год назад

Happened to someone I watched. I didn't know who they were so I unsubbed from them until I learned what the channel was. He got his channel back.

@martin0499 Год назад

Linus tech tips now

@JetSetDman Год назад

The second you mentioned the scam site's claim of "doubling the crypto you send them", my mind immediately jumped to the RuneScape gold doubling scam. Glad we're on the same page! Great vid by the way! I've seen this happen to a number of channels I'm subbed to and always wondered how it happened. Great to finally have some background on it!

@rositatimmermans220 Год назад

It's ridiculous sounds especially a person the doesn't know how to used Them knew technology.

@markpeters6430 Год назад

Three of the LTT channels just got hacked with this. Hopefully when a channel as big as LTT gets targeted, RU-vid decides to start paying attention to this.

@geraldh.8047 Год назад

Most likely, nothing will change. RU-vid is not run by competent people these days 😢

@DylanDurdle Год назад

not likely going to amount to any additional by YT to do anything about this.

@CA_Hariharaniyer2023 Год назад

@@geraldh.8047 It has been like this for a decade. So it's nothing new

@Theunicorn2012 Год назад

Three of the LTT channels just got hacked with this. Hopefully when a channel as big as LTT gets targeted, RU-vid decides to start paying attention to this,

@officialyashvirgaming 8 месяцев назад

@@Theunicorn2012 Guys don't install Guardio chrome extension it will have full access over your browser, this means they are logging your COOKIES, PASSWORDS, Session Tokens , Refresh Tokens , Access_Token also. I do not TRUST guardio.

@thebluemarauder Год назад

Your mention of doubling money in Runescape unlocked a core memory for me. Dude convinced me he had a secret dupe exploit and could dupe any item. I gave him my god staff. He kind of started at me for a minute, perhaps surprised that someone was that damn gullible, and then walked away. I learned a valuable lesson that day.

@ardentdfender4116 Год назад

Watching this because Linus Tech Tips got hacked yesterday and he referenced this video in his latest video.

@Theunicorn2012 Год назад

Watching this because Linus Tech Tips got hacked yesterday and he referenced this video in his latest video.

@Bruh_471 11 месяцев назад

@@Theunicorn2012Copycat

@shizutokujowara8787 Год назад

Linus getting hacked now 😭

@DrXJ Год назад

Came here from the LTT Shout-out 😁

@MrXemrox Год назад

9:00 Before this part, I had a bit of a moment of phobia of digital cookies of any kind, and I thought that's all they needed to hijack you. I was a bit relieved to learn that they didn't become that strong of a threat that not avoiding shady sites and ignoring scam emails can protect you. For a moment, it was an irrational fear of digital cookies before getting to this part.

@Twinklethefox9022 Год назад

So did I.

@embismusic Год назад

i know you probably wont read this thio, but i just gotta say... please never stop making content. I know the views are down, and you probably invest more time than its worth back in monetary gain, but you make some of the best, most consistent high quality tech content ive ever seen. and your core subscriber base knows that, even if a video has 200k views or 2 million views, it's gonna be of the same quality no matter what. one day youll be one of the greats. road to three mill.

@lovelost234 Год назад

Amen to that brother 👍🏾

@WolfWriterL.P Год назад

yup!

@ericrodriguez1432 Год назад

I had to quickly download OBS a few weeks ago on my laptop and now I'm skeptical about downloading from the right source. Fantastic T-T

@S_Roach Год назад

My go-to is to try to find it from a handful of (what I believe to be) safe download sites, such as cnet, or tomshardware. Some of those link back to the project's website, but that's fine. Preferred, actually.

@icecreamjunkie6790 4 месяца назад

Did anything happen?

@sorbetkidyoutube Год назад

Sadly, this is not a new issue for RU-vid, for this has been going on for several years.

@sorbetkidyoutube Год назад

@iii___iii Damn that's a long time. I wouldn't be surprised if it actually started when it first came out.

@rositatimmermans220 Год назад

It's true.

@rositatimmermans220 Год назад

Why would I change a password for this person it's a unique password to Each in individuals.

@chidubemanukwu Год назад

How did you prevent this

@MissPepperss Год назад

Thank you so much for all you do for everyone that watches your channel. Hearing about these scams has been helpful to me as my email was hacked. I am watching out for everything now. Thank you

@NtGism Год назад

You uploaded this video a few days after a couple of channels I'm subscribed to changed to that tesla bs (a few weeks between the two incidents IIRC) and just had to watch it. When I saw LTT channels being affected I immediately remembered this detailed video. Linus and team are also aware of it, but sadly too late. I hope his mention of you on their latest video brings more people to your channel. Keep up the good work

@BrunoDeGamazoyAbarca Год назад

I was hacked a few months ago using this method; they started spamming crypto-shit with Tesla and Elon Musk, obviously. Fortunately, i was able to recover quick and didn't lose any data. Also, lots of my favourite youtubers have been suffering from this in the last few months, in fact, it happened like an hour ago for one of them. Thanks for the video, really instructive and interesting!

@TechnologistAtWork Год назад

This is the second time Linus mentioned you. He needs to have you on his podcast or do a collaboration video. You've always been ahead of the rest of hacks and scams. More people need to subscribe to this channel to keep up with the cyber security trends.

@HighestRank Год назад

No subs let's all rss to remove its blip on hacker's radars.

@TechnologistAtWork Год назад

@@HighestRank was that even English? I have no idea what you're talking about.

@Reed_Peer Год назад

Let's remember the fact he used to upload satirical tech guides back in 2015-2017

@TechnologistAtWork Год назад

@@Reed_Peer so?

@Theunicorn2012 Год назад

This is the second time Linus mentioned you. He needs to have you on his podcast or do a collaboration vidso.

@scipionyx Год назад

Watching this after Linus Tech Tips account hack is so bizzare

@rbh2na Год назад

1:10 that's now Linus... here after Linus got hacked also (successfully recovered and mentioned this video) 🙂

@leonro Год назад

tbf LTT is also a toy channel, more specifically an RC fire truck channel

@norminaluser Год назад

Thank you for keeping us informed of those techniques and how to get prevented!

@sakenu16 Год назад

Saw your channel being referenced by LTT so I came over to find our more about how these scams are happening and something that sounds so preventable by having companies retype username and password again for any security changes.

@dontscratchmycarbro7805 Год назад

sometimes I miss your trolling videos but like you said you got burnt out on them and videos like this are very useful

@eddy2561 Год назад

As a retired computer/Windows IT tech, I'm amazed how many people then and now fall for scams!!!! And, it will only get worse.....Great video Joe!!

@dead2selfShema Год назад

Not all of us are geeks, it took me a long time to figure out how to get the drink holder on the desktop tower to come out, and calling geek squad to find out how to turn on the same desktop tower during a blackout to use the fireplace screensaver to keep warm until power came back on.

@zelowatch30 Год назад

Aren't you just glad Susan is finally leaving who allowed scams to run wild?

@DavidCruickshank Год назад

@@zelowatch30 Cause the crypto bro that replaced her is going to be so much better 🙄

@lifeisbutadreamsodreamon Год назад

Definitely an interesting and informative video... yes I am aware of this scam (i watch scam baiting content and this has been covered, and one even got hacked themselves and covered how it had happened). But you added more detail and is up to date, and reinforces awareness too :)

@lovelost234 Год назад

Which channel was that? I ask because I'm interested in the lessons they learned from being hacked. And what recommendations they gave to avoid it happening again.

@tjwatts1207 Год назад

Linus sent me here, glad you are spreading the word on this. Too many creatives are having their livelihoods threatened by this kind of BS.

@Joe-lb8qn Год назад

Just realised i visited one of these taken over channels a few days ago. It was a live stream (and it was live) but realised id seen it before and comments were indeed limited to 15 year members which i didn't understand at the time. Now it makes sense. Didnt watch it long enough to work out their scam

@xeon6281 Год назад

As a webdeveloper, I must say it's pretty dumb that they don't encrypt the cookies including the user's IP (and maby other fingerprints), its pretty basic.

@itskdog Год назад

Even if the browser encrypted the cookie on-disk, it would still need to be decrypted at some point to send it to the website, so it can just wait until your browser decrypts then inject itself and scan the memory.

@dragoneyr1632 Год назад

Giving big creators the option to report hijacked channels may backfire. As soon as this new feature would be introduced, scammers could use it as another source to scam people out of their channels. "We've taken down your channel because of a report on behalf of x. Click on link y to be taken to the (not so real) report form", continuing the cycle as compromised channel owners will be like Yup. That's compromised, so that link must be real

@cekart Год назад

Yup, as I replied in another comment, this very practice happens all the time in FB where digital mobs massively report an account so that FB bans it, and it is widely exploited because of the "anyone can report" policy. So putting a mechanism to report blocked/hijacked/owned channels is a bit more complicated than that.

@Konic_and_Snuckles Год назад

RU-vid should give YT partners unique "self-destruct codes" that could be entered into a secure Google form or app without needing the account credentials or 2FA. Entering one of these codes would then automatically revoke all active session tokens, reset all passwords and restrict all managed accounts to view-only, notify an assigned YT channel rep (or general YT Support if it's a smaller channel), and _irreversibly deactivate the account and all associated channels for a set period of time_ , say, 24 hours. Having a one-way kill switch like this would allow YT partners to instantly lock out hackers and keep them out, giving them precious time to work with YT to identify the source of the security breach, regain account access, perform a damage assessment, and rollback any channel vandalism if necessary. This isn't some new concept either. Plenty of websites allow users to end currently active sessions or suspend their accounts, either with a single click or by entering a password. The only thing Google would need to do is make these actions available to their partners in a way that is secure, reliable, and expeditious.

@ThioJoe Год назад

I like this idea. There would have to be some kind of waiting period to change such codes though to ensure the hacker doesn’t just reset them as soon as they get in.

@gorkskoal9315 Год назад

do you have any idea how fast that'd go wrong? if people think youtubers hungery for that sweet google cash is bad now, just wait till that backfires and someone is goatse'd so hard they're pooping out dally the clones.

@wilfredotorres6628 Год назад

Hi ThioJoe, there's another scam as well which impersonates the youtuber and tells you to download signal because you have won some type of prize and what they do is tell you to pay for shipping and you get nothing. Of course, it isn't as bad as what you mentioned but they still harass you constantly.

@bitelaserkhalif Год назад

I call them cirno bots Because some of them use same number with cirno AKA circle 9

@JoshuaDDales Год назад

I've encountered a variant of this where the scam account tells you to go to a Telegram account.

@selfharm27 Год назад

@@bitelaserkhalif Mmmmmm cirno bots

@ghozysamudra3786 Год назад

Who came here after waching Linus channel hacked?

@Tanzim-Kazi Год назад

And now, Linus Tech Tips is the victim to this. I actually had few of my favourite RU-vid channels or channels that I subscribe to that had their account hacked to promote crypto, Tesla, or something. Aside from Linus, one channel focus on making satirical VHS videos and one had over 10k subscribers. Fortunately, both eventually got their account back. On a side note, I am also a victim of RU-vid account being compromised, but thankfully, my account did not get changed to promote illegal schemes. In fact, RU-vid and Google temporarily disabled that account to protect it from crypto or Tesla hacks. This was one of the most stressful times of my life because my Google account is important for me (not just for you to but also for keeping photos and keep notes), but thankfully, I got my account back.

@celsonjunior9376 Год назад

ive seen one of destiny 2 content creator Toadsmoothie get hacked and after made a video about it, he stated a person who he inspired to become a ytber reached to him and aided him step by step on what to do and he got a physical key to his channel and thats one of the only ways he can keep his yt account safe

@marianl3447 Год назад

REally appreciate your well informed educational vids...we NEED this info!!

@vibe_sauce Год назад

I’ve been seeing a lot of channels I’m subbed to get hacked, thanks for speaking out about this problem

@Dtr146 Год назад

I was watching an episode of hak5 about session hijacking. The only way I can think of to get around that kind of attack is setting up your browser not to remember anything. But then you would have to log in every time you access RU-vid. Even then. Your session is still saved every time you click on something otherwise it would log you out.

@MaxPower-11 Год назад

It’s not practical to not store session cookies because then every user interaction with the remote site will require reauthenucation. Probably the best RU-vid could do is have a defined set of actions which *always* require MFA like changing the channel name or password.

@S_Roach Год назад

@@MaxPower-11 Shouldn't even require MFA. Not everyone has that enabled. Should require you to log in again, and MFA if you have that enabled.

@MaxPower-11 Год назад

@@S_Roach The reason why MFA (vs. just re-entering the user’s password) would be highly preferred in the scenario presented in the video is that if the victim is infected with malware that’s sophisticated enough to steal local session cookies, it could potentially also capture the current (and new) password when it is entered by the user.

@ghost-user559 Год назад

Honestly for the time being this world be the only truly effective solution until something is done about this.

@BenjaminDenverstone Год назад

I'm a member of a channel that this happened to. He made a twitter post telling us. Plus, I got an email that my membership had been paused so I knew something was going on.

@PinkyTech Год назад

A lot of bigger channels falling victim recently and I was absolutely shocked that the cookies can be used from multiple locations and there is no 2FA prompt for changing the channel name or the 2FA methods. Security 101, you don't allow 2FA to be changed without authenticating.

@Xmetalfanx Год назад

i missed this video but came here from Linux Tech Tips who got hacked and referenced this video, giving ThioJoe a shoutout

@kristfur Год назад

This makes me question of Google/RU-vid has a security department. Even if it's one person, they should be on top of these issues.

@Theunicorn2012 Год назад

This makes me question of Google/RU-vid has a security department. Even if it's one person, they should be on top of these issues.

@officialyashvirgaming 8 месяцев назад

@fluffyspark798 Год назад

Linus tech tips just got hacked lol

@awakenedcrowl Год назад

This is a dang informative video, even just regarding to how scams and virusses work.

@sagarchakraborty8487 Год назад

Who else came here after LTT disaster?

@Theunicorn2012 Год назад

Who else came here after LTT disaster?

@juliusrule6216 Год назад

@Stinky0368 11 месяцев назад

What’s the LTT disaster

@BoilingDietCoke 10 месяцев назад

It is not remotely over, LMG is in big trouble. Fraud.

@BoilingDietCoke 10 месяцев назад

@@Stinky0368Gamer Nexus explains.

@papadane6807 Год назад

There are some hackers that spam family guy compilations on the hijacked channels. Very ridiculous.

@VelnixFilms Год назад

Thanks for your insight on this. So to reduce the risk on getting hacked we could also just log out from our login session. Or delete the cookie manually so we have to use 2FA next time. Like a workaround. But ofcourse it starts with not downloading malicious software. Furthermore it feels like RU-vid support team is being (partly) hired or run by external companies. Some support staff don't speak correct English, don't know about their own FAQs and I had to tell them what was in their own FAQ. Especially with chat support.

@takufner Год назад

I saw some videos about the hack mentioned here and read a lot of comments! This is the first time I see mentioning this logout approach... The local cookie in your machine is tied to a session in the server! If you log out from your machine, that session will stop working and the stolen cookie will have no use anymore! Hacker will not be able to access your account anymore! Is there something wrong with this approach? I'm not an expert, so I'd like some validation about this. Thanks.

@VelnixFilms Год назад

@@takufner As a software developer I can tell you that just logging out from your machine (read: windows log out / shut down) isn't enough. Your cookie is stored locally, and it's stored, so it's somewhere on your PC and remains until you remove the cookie or invalidate the cookie. By logging out from your RU-vid account, the cookie will be invalidated. Or you can delete the cookie manually (and after refresh, you will be logged out). Or you can use incognito mode, so it doesn't save the cookies and only use the cookies one time. But thinking about this approach makes me uncertain if it's 100% waterproof. What if you log in again, and at that particular moment the hacker comes in? Then he will have access probably. My approach would probably not give 100% safety, but might lower the risk of getting hacked. Especially at inactive moments on RU-vid (like why would you keep your logged in session open while you're not even using YT that day on your PC). Even more important is keeping hackers away. My approach is just some theoretical thought of me :)

@adodido8127 5 месяцев назад

I got hacked! 7 years building channel, got 77,7k subs, and youtube terminate the channel! wow! I have do everything but they insist my channel have legal/trademark violations, so they terminated it! P.S : THEY KNOW the hijacker that do that, and I'm the owner is innocent. But they say they can't restore my channel. What a waste.

@doctorspook4414 Год назад

You got a shout-out from Linus of LTT. Congrats!

@trishhoff6869 Год назад

You just described what happened to one of my favorite creators that I watch on RU-vid. Her account got hacked and she couldn't even get back into it because they had changed her password. I am going to forward this on to her so that she does not feel all by yourself.

@kingofpizzarolls5693 Год назад

I'm very worried for all the channels that don't get brought back.

@spacekettle2478 Год назад

What I got from reading Jason's response is that it feels like RU-vid is so large and the number of people they hire to do all that customer support is also very huge that giving them all access to some form of internal admin system would be a risk in and on itself, or something like that.

@spiritairfan 2 месяца назад

The first thing that comes to my mind when I hear a channel for hijacked is UTTP

@zahighobeira Год назад

Coming back to watch after LTT got hacked, media companies seriously need to implement solutions to solve this annoying problem.

@gorkskoal9315 Год назад

Like what? This the most 90s problem ever: if you get an attachment: scan it with an antivirus first? these days can even use your favorite cloudbased email. gmail, or skydrive or hotmail or what ever else is out their to check files.

@ethanoverwatch407 Год назад

I had this happen to me and I lost thankfully only $130. All my passwords and accounts were compromised and thankfully I knew pretty quickly what was going on, so I changed all of my account's passwords. (Had them all in an excel). It was so strange to see my youtube account posting tutorial videos, and quite scary. It could have been a lot worse, Don't download sketchy things!

@kunka592 Год назад

Use a local password manager. Like KeePass or something.

@ethanoverwatch407 Год назад

@@kunka592 That would be wise and probably easier, but I enjoy being able to store other stuff too (eg. 2FA backup codes & such)

@RunicSigils Год назад

Or you could just simply not shill garbage to people. You know who this wouldn't happen to? People that only work with products that they actually know meaning they're far less likely to be caught up in this because they'd already know the signs that it's a scam. If you're willing to shill random things for money you deserve to lose everything.

@NMSHAFKI Год назад

This is very important video for each RU-vidr thanks for making this video THIO

@Matin_M 8 месяцев назад

5:45 I love how the man is just slapping his laptop like that's gonna do something 😂

@myyou2b Год назад

Thanks for this, Joe. Keep up the good work!

@PabloBatistaArq Год назад

Who's here after the LTT hack?

@anthonii.x Год назад

LinusTechTips just got sniped with this

@GregoryShtevensh Год назад

Apparently two of Linus's channels now

@MistyKathrine Год назад

@seb_gibbs Год назад

Web servers should not authorise cookies which are being used from an IP that is in a completely different country. . This protocol is pretty easy to add. .

@ianjeffery3762 Год назад

This just happened to Linus Tech Tips

@jrmariobro 2 месяца назад

A+Start just got hacked today using these techniques. One of my favorite channels to watch: gone by some stupid scammer scumbags.😡 Stay safe!

@TopHatProductions115 Год назад

Are cookies and local storage currently secured in many cases? Or can pretty much any running process access them? If it's used for session initiation/management/tracking/termination, I think said files should be protected by access permissions and/or encryption. Maybe guarded by a credential management account on the OS? No automated access to said data?

@MightyDantheman Год назад

The cookie thing makes no sense to me because the website can still check for the IP and browser ID. There can also be ways to identify a device, to see if it's one that was used before or not. Lastly, settings should most definitely require verification. I definitely agree with the end of the video.

@johncoops6897 Год назад

There is not really such thing as "browser ID". We wanted to remain anonymous, ya know.

@MightyDantheman Год назад

@@johncoops6897 There is if you look it up. But outside if that, haven't you seen "Trust this browser" or "Trust this device" before? There's all sorts of tracking methods, some of which have existed for over a decade. There's even new technology being developed to rely less on cookies.

@mightylink65 Год назад

Hackers don't just "get in" like they do in the movies, the victim always has to allow them in by downloading a file or clicking on a link. People need to be more careful...

@FeliciaMitchellOfficial 8 месяцев назад

What to do exactly Mate

@Neakakhtar Год назад

thanks very informative liked it bro love you does this attack the small channels ??

@WolfWriterL.P Год назад

This was one of the most informative videos i have ever watched concerning scams. Thanks so much, youtube needs more videos like this one!!

@rafsan69 Год назад

and now LTT is hacked by the same guys

@GFunkEra1992 Год назад

I've seen this before, same as you said. They receievd a sponsorship email, clicked on the link and the hacker changed the channel name, banner, locked out the owner of the channel and put every video on private. The hacker started a live streamed untill it got banned by the utube AI. Crazy part is the Channel owner was not responsible for the hack, hes assistant who had a been added as a secondary owner was the one who clicked on the link. After sone time the issue was resolved but in the meantime when people see a channel name who they do not recognise who streams crypto stuff people unsub.

@herschell64 Год назад

It looks like it happened to popular gaming channel Did You Know Gaming yesterday as I was watching a video on another channel and suddenly got these weird notifications, it wasn't until I looked this morning that I found what had happened

@abj1203 Год назад

Here after LTT got hacked and just got back up. Gonna keep this in mind, eternal vigilance and skepticism.

@zUltraXO Год назад

I'd like a copy of Being Skeptical As Heck 2023 Pro 3 year edition please

@PanicattheDiscourse Год назад

Which brings us to a paradox, as many legit companies don't check their communication to see if it could be perceived as spam. I once ignored a legit sms from a collection agency because it had a spelling issue (the collection itself was an error in their system).

@ManAdam712 Год назад

Those were constantly in my feed in the summer of '21. I had been learning about blockchains&crypto at the time, but had never searched anything about Tesla, Elon, or 'doge', yet it was everywhere. I haven't seen any very obvious jacked streams in probably about a year now. 🤔

@divadsn Год назад

They also achieve it by overtaking control over your channel after adding them as channel admins...

@Collector3476 Год назад

If Google and RU-vid are very serious about the safe of their users then they should start to take down these channels before user click something that malicious or a scam.

@bilalahmad9638 Год назад

Just came here after watching LTT video.

@flebnard Год назад

I check the community post tabs to see what the channel once was. Usually that stays when the videos get wiped

@redlemon5153 Год назад

Recently this happened with me even though with 2FA my RU-vid account was hacked, i was logged out from all my devices as well.. lost my Google photos, and all google related services I was connected too ! Was in depression tbh... Well then I tagged RU-vid on Twitter explained them everything and within few days I got my account back ! But I don't feel secure at all even tho I had really strong password and 2FA ;

@MrXemrox Год назад

If you can, share this with your favorite RU-vidrs.

@peterpaul195 Год назад

I watched this a month ago, can't believe LTT/Linus would be one of the latest victims.

@RobertSalas Год назад

I'm also a victim of this last year.

@Theunicorn2012 Год назад

I watched this a month ago, can't believe LTT/Linus would be one of the latest victims.

@KaldekBoch Год назад

I'm really disappointed that more endpoint security tools aren't doing behaviour analysis. There are so many ways to run malware in a fileless manner, traditional methods of malware detection just don't work.

@ledgeri Год назад

I would like to see an update where there are the options for following, and the user can opt in -on a slider or something like windows UAC-thinking about the most stricter options (and branded as heck as the handles were): -If you want to comment you have to give your password once a day (minimum time-value, can be longer auth-ed period), -If you want to upload, or stream give a 2fa confirmation, every time (eg because of mass upload listings or preparation: 1 hour cooldown, when the system asks again for it (running stream auth.-ed) -If you want to delete, or change anything serious (name, handle, profile pic, videos etc) full 2fa. The modifier of this switch behind a full login+2fa. I bet many of the stolen channels' creators would live with these options. For a normal youtube consumer not a real issue.

@John_Fugazzi Год назад

Since the beginning of this year, almost weekly I receive emails that appear to be from some of my RU-vid subscriptions complete with their channel photo telling me to contact them on one site or another (not on RU-vid or an email response) because I won a prize. I just delete them but I feel bad for the people who actually run these channels here. I should probably tell them in their comments that this is going on.

@S_Roach Год назад

I report them. I did that on another channel, that tagged me in a comment, just a few minutes ago. The replying comment copied the channel name, but added an underscore to it. Click on the vertical ellipses beside a comment, on the right-hand side, and select "report" from the very small number of options, (currently, the only option, as far as I can see).

@fredericapanon207 Год назад

I try to add a reply to a post by the channel owner telling them about @ThioJoe's Spammer Purge videos.

@kdoe1305 Год назад

If you’re using any browser in Linux, Google does ask for the current password in order to continue with sensitive changes. I think it will ask you for the current password every time if you’re logged into an account under incognito mode, which in this case would be the bare minimum.

@AkiraElMittico Год назад

Exactly , that's what I thought , this only affects Windows users then.

@johncoops6897 Год назад

@@AkiraElMittico - Rubbish. It has nothing whatsoever with the operating system.

@theftking Год назад

So if the hacker that has compromised your account and is now trying to make sensitive changes _isn't using Linux,_ it's useless. Doesn't make any sense. This isn't related to operating systems.

@ScottobozoGD Год назад

A couple RU-vidrs I watch were hacked in this way not too long ago. It turns out the hackers didn't mess with the community tab though, so I could figure out who it was that way.

@GlamEye Год назад

A popular music channel called ambition music just got hacked a few hours ago. It has over 1 million subscribers and now the hundreds of music videos are gone and replaced with videogame hack scams and a live crypto scam stream, also it was renamed to microstrategy.