引用自 plat：

Hmm, yeah, read some articles about "cookie hijacking"--yes, so it seems LTT had used strong passwords and 2FA already. When cookies are stolen, these measure become useless obviously.

I'm glad he's back online again so quickly and explaining the situation in such detail.

He seems like an intelligent guy who knows his business. The wrong answer would be to not acknowledge what happened, or blame someone else. Besides, I think wiser people recognize a situation like this is good in the long run.

Two sayings come to mind right now...

"There's no such thing as bad publicity" and "a bad workman blames his tools".

@emoticorpse Yup. Unlike many that come her about hacked accounts Linus identified

Where the compromise had occurred.
Accepted it
Will be improving his setup to reduce the risk of it happening in future
and also dealing with Youtube to hopefully get Youtube to improve it's own security methods to prevent it from happening to others.

A much better response that some companies that just say they got hacked and never share any details.

To be honest I don't really like him. He's whole channel is very memey, clickbaity, annoying, and he doesn't focus entirely on computer hardware anymore.

If anyone is old enough to remember him working for NCIX before he left, his videos were a lot more serious and in depth. They were a lot more informative and straight to the point to what his videos are today.

There's a lot of other channels out there that provide more, better informative content about computer hardware. Linus and his staff are just so ill informative, and annoying it ruins most of the videos for me. I can easily see why his videos appeal to a younger audience , and that definitely is the case.

引用自 It's Chase：

To be honest I don't really like him. He's whole channel is very memey, clickbaity, annoying, and he doesn't focus entirely on computer hardware anymore.

If anyone is old enough to remember him working for NCIX before he left, his videos were a lot more serious and in depth. They were a lot more informative and straight to the point to what his videos are today.

There's a lot of other channels out there that provide more, better informative content about computer hardware. Linus and his staff are just so ill informative, and annoying it ruins most of the videos for me. I can easily see why his videos appeal to a younger audience , and that definitely is the case.

I agree. There's more channels out there that do things better. It also doesn't help all their videos are just packaged around an advertisement.

Edit: Even with the video they released after getting the channel back he just had to cram a sponsor in.

Well Linus' computer was already infected before he even logged into his channel. What security software would mitigate this? It would have to be some kind of enhanced firewall to block outbound calls from the browser maybe?

I use Sandboxie but I pay for something called Windows Filtering Platform that supposedly restricts network access from the box. I'm waiting for a reply to this question I asked in another forum.

Not saying that complex passwords and 2FA/MFA are useless, they certainly are not. But no kind of single security layer is bullet-proof, sadly. I tell you: these info stealers are def. no joke.

引用自 plat：

Well Linus' computer was already infected before he even logged into his channel. What security software would mitigate this? It would have to be some kind of enhanced firewall to block outbound calls from the browser maybe?

I use Sandboxie but I pay for something called Windows Filtering Platform that supposedly restricts network access from the box. I'm waiting for a reply to this question I asked in another forum.

Not saying that complex passwords and 2FA/MFA are useless, they certainly are not. But no kind of single security layer is bullet-proof, sadly. I tell you: these info stealers are def. no joke.

Not sure how it's infected but possibly a firewall?. I mean you can have all the malware on your pc but if it can't connect outbound, it isn't much use is it?.

引用自 emoticorpse：

Not sure how it's infected but possibly a firewall?. I mean you can have all the malware on your pc but if it can't connect outbound, it isn't much use is it?.

Right, I said that already. lol.

But whatever firewall Linus had didn't do anything, so what extra would one need? It's mostly curiosity but if you do online banking, there is a bit of heightened concern. Clearing the browser session after you're done isn't enough if you're infected and you don't know it yet. Just don't open any emails during that time outside of your bank's 2FA request, I guess.

Like I said: I'm hoping my version of Sandboxie with network filtering could block this. But I don't know. It's the weekend, I have to be patient with any replies.

Wow, these info stealers are def. no joke. Actually, I'd go so far to say: I think Linus got off lightly compared to other victims.

引用自 ⎠⎝Zushikatetomoto⎠⎝：

引用自 Cathulhu：

LMG/LTT has several sub channels, as all are tied to one account, they all were affected.

The thing is other channels are effect not just those ones.
Youtube really needs to fix this issue.

Well YouTube = Google so it's a Google problem. But really it's probably a lack of something the channel owners were doing right on their end. Twitch folks had this issue for years and it isn't some new thing.

引用自 Bad 💀 Motha：

引用自 ⎠⎝Zushikatetomoto⎠⎝：

The thing is other channels are effect not just those ones.
Youtube really needs to fix this issue.

Well YouTube = Google so it's a Google problem. But really it's probably a lack of something the channel owners were doing right on their end. Twitch folks had this issue for years and it isn't some new thing.

Was one of the employees opening an email and a compromised PDF file that had malware. The Malware grabbed info on the browser including their Youtube login token so the hijackers never needed to know their username, password or 2FA codes.

Linus explains everything in this video after they regained control and got their YT account back up
https://www.youtube.com/watch?v=yGXaAWbzl5A

I'm to the 5:41 mark on that video and I want to ask this just in case he doesn't specify. Does anyone know here if that pdf file that was clicked was actually a .pdf file or was it a .pdf.exe file?

If the latter, they're dumb. If the first one, damn that's crazy. I didn't expect that. Gonna finish watching the video now.

引用自 emoticorpse：

I'm to the 5:41 mark on that video and I want to ask this just in case he doesn't specify. Does anyone know here if that pdf file that was clicked was actually a .pdf file or was it a .pdf.exe file?

If the latter, they're dumb. If the first one, damn that's crazy. I didn't expect that. Gonna finish watching the video now.

They go into a little bit more info on their WAN Show stream.

From what I understand, it was a fake sponsorship offer. Someone at LTT downloaded something related to the fake sp0onsorship offer and this contained the malware.

There's not a lot of detail yet specifically what info stealer that was and whether it used Powershell scripts to stay under the radar. If you're still following this a week from now, you might get an answer.

Furthermore, Google/YouTube is partly to blame--it's not stricly LTT. Foir one thing, Google has advanced protection for content creators yet very few are aware this exists.

The Verge source on page 1 has all this info.

引用自 plat：

From what I understand, it was a fake sponsorship offer. Someone at LTT downloaded something related to the fake sp0onsorship offer and this contained the malware.

There's not a lot of detail yet specifically what info stealer that was and whether it used Powershell scripts to stay under the radar. If you're still following this a week from now, you might get an answer.

Furthermore, Google/YouTube is partly to blame--it's not stricly LTT. Foir one thing, Google has advanced protection for content creators yet very few are aware this exists.

The Verge source on page 1 has all this info.

I saw the part where he said something like "a security concern should have been raised when the session token or something was happening from the other side of the world" and that is very true.

But at the same time I imagine a guy like him and a lot of high profile uploaders travel extensively and probably end up really making changes from different ips or something. Especially if they shared an account and different people are accessing it from different locations all the time, then they'd be like "wtf, can we like disable this crap already so we aren't being nagged so much?".

Not saying for sure that would have been his case, but maybe. Pretty sure he is right though in that a lot of things should be addressed, but I really want to know the details of that pdf click. If that never happened to begin with would they still be saying Youtube/Google security needs to be addressed?

I'm not trying to talk junk. I know things happen. I'm just trying to ask the questions that should be asked instead of NOT asking them.

引用自 plat：

From what I understand, it was a fake sponsorship offer. Someone at LTT downloaded something related to the fake sp0onsorship offer and this contained the malware.

There's not a lot of detail yet specifically what info stealer that was and whether it used Powershell scripts to stay under the radar. If you're still following this a week from now, you might get an answer.

Furthermore, Google/YouTube is partly to blame--it's not stricly LTT. Foir one thing, Google has advanced protection for content creators yet very few are aware this exists.

The Verge source on page 1 has all this info.

And that's a great reason why one should stick with allowing only legitimate brands to sponsor them.

And if you impersonate a legitimate brand?