How YouTubers Are Getting Hacked
Ғылым және технология
Protect your browsing with Guardio, plus get a 50% discount with a free 7 day free trial ⇨ guard.io/thiojoe (Sponsored)
• Article about StreamJacking: labs.guard.io/streamjacking-h...
• Article about MasquerAds: labs.guard.io/masquerads-goog...
▼ Time Stamps: ▼
0:00 - Intro
0:32 - The Scam Streams
3:32 - A Good Thing Indeed
5:27 - Speaking Of Google & KZread
7:23 - The Malware
8:58 - Fake Sponsorships
9:55 - Scams I've Seen
11:09 - Fake Download Sites
12:26 - Some Tips
14:12 - Final Rant
The prevalence of KZreadrs getting hacked is on the rise, leading to channels being hijacked and taken over, leading to fraudulent streams that present scams such as fake cryptocurrency giveaways. Several channels with millions of subscribers have been compromised. Hackers change the channel's name, profile picture, and even the @handle, which changes the channel URL. The hackers use a type of attack called session hijacking or cookie stealing, which means that they can totally bypass 2FA, then lock the KZreadr out of their account and even change their password and remove their 2FA methods. Though the malware responsible for this has various tricks to avoid detection and can affect anyone. The malware gets to the victims through fake sponsorships or emails that include malicious payloads.
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
Merch ⇨ teespring.com/stores/thiojoe
⇨ / thiojoe
⇨ / thiojoe
⇨ / thiojoetv
My Gear & Equipment ⇨ kit.co/ThioJoe
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
Пікірлер: 1 200
⚠️Here is another video I made about how to DESTROY the scam domains these hackers link to 😤😤😤: kzread.info/dash/bejne/Ypp9t8uvaZC7ds4.html
@JohnDoe-lm6or
Жыл бұрын
I think KZread just got hacked in my subscriber feed there is “Tesla” which I have not subscribed to and it’s a live stream with Elon talking about bitcoin. No one can chat either since you have to have been a subscriber for 15 + years. I should say that it’s just that channel itself and not KZread
@nerd2544
Жыл бұрын
a few hours too late man they got linus already 😭😭😭😭
@NicknamesAreBetterThanHandles
Жыл бұрын
@@nerd2544 beat me to it
@JohnDoe-lm6or
Жыл бұрын
@@nerd2544 oh I see now rip LTT
@pcislocked
Жыл бұрын
you saw that uptick in traffic eh? lol
Hopefully now that it's happening to massive channels like LTT KZread will be forced to pay more attention :/
@itskdog
Жыл бұрын
Linus has said on Floatplane that they're working directly with KZread to find out how to stop this for good.
@thinthle
Жыл бұрын
@@itskdog Hope they listen. It wouldn't surprise me if a lot more people are gonna use remote acces keys in the near future to minimize these kind of risks. Or at least prove to google the account was theirs to begin with if they get infiltrated on an active logged in session.
@dannydanny9875
Жыл бұрын
Linus has a great Team. He'll find a way to fix everything.
@benpiano800
Жыл бұрын
Yeah I think LTT is the biggest channel it's happened to so far
@garfieldandfriends1
Жыл бұрын
I feel that ThioJoe actually provide tech tips that is more important than LTT tbh
I remember a time when being internet smart boiled down to don't run any .exe or script files from unknown or sketchy sources. Good times. Now it's that plus relying on multibillion dollar international companies to NOT be completely incompetent in their core business domain. Seriously? No reauthentication for changing passwords or 2FA settings and no internal process for employees to verify and report hacking and abuse? This is pretty basic stuff that I can't imagine would have significant (if any) costs.
@sorbetkidyoutube
Жыл бұрын
I legit once got a virus trying to download cheat codes for a GameBoy Color game. I know it sounds stupid, but believe me, IT HAPPENED.
@isaacbejjani5116
Жыл бұрын
That still is the best way to avoid getting hacked. Google should fix the 2FA bypass, but every hack of this style still starts by running an executable from a sketchy site.
@greatveemon2
Жыл бұрын
@@isaacbejjani5116 i think the hackers are using your own devices to bypass the 2FA without you knowing it. I keep getting a 2FA on every new devices that I'm trying to login.
@RunicSigils
Жыл бұрын
@@greatveemon2 all they are taking is the session cookie. There's no way to clone your device in the way you've made up in your head. The correct response here to make sure this can't happen is to require a non-text (SIM cards can be cloned - text messages absolutely should not be used for 2FA), non-gmail email (Google session cookies would mean they should have access to that as well) 2FA to change security settings if you have changed IP addresses. In other words require one from an account, software, or hardware that those people should not have access to. I have seen some people (who should absolutely know better) stupidly suggest that they should require a 2FA every time you change IPs but that would just make things like VPNs annoying. The vast majority of people are not going to be constantly changing their security settings though (and anyone who is has issues that this will probably help) so requiring it every time for that is fine. SIM cloning and Gmail access are almost certainly what's going wrong here. So if they just require a 2FA that isn't those, 100% of the time you attempt to change security settings when your IP has changed since you last accessed it, there's no reason to suspect that they would be able to do more than minor damage to the accounts they gain access to.
@transmitterguy478
Жыл бұрын
KZread doesn't care they are making too much money.
Every time I turn on my Smart TV and open KZread the homepage is invaded by these videos... I believe that KZread and browsers needs to take more advanced security measures!
@K-Zone
Жыл бұрын
Nah that's bc you watch them, but yes, they do need to take it more seriously
@nflisrigged1395
Жыл бұрын
They don't care about us . Stop supporting KZread
@palomarjack4395
Жыл бұрын
They have no intention to stop it. Why should they, they get money when those play.
@_Meexy
Жыл бұрын
@@nflisrigged1395then y u use this platform
@dplj4428
Жыл бұрын
ThioJoe, KZread videos can be downloaded. Can that downloading drop a virus? I finally did KZread subscription because of ads.
The real messed up part. Some of these people who hijack channels will outright delete videos on a channel. Unless their channel is important enough to be backed up or they have a backup of them. Those videos are gone forever.
@shadowcomputing
Жыл бұрын
This is exactly why I archive all my videos on my local PC and usb hdd.
@ghost-user559
Жыл бұрын
They actually almost never do that. If they do, the views and therefore the ability to get the algorithm to recommend the channel are directly connected to the videos. So by KZread connecting a channels view time and ad sense to the video itself, if they delete the videos, then they effectively just got a useless channel. The strategy now is to private everything on the channel for that reason. Which is a good thing, because it means when people get their channels back they get everything back how they left it.
@leonro
Жыл бұрын
That is actually not the case, although they rarely delete videos for the reasons mentioned in the comment above. KZread doesn't delete the videos from their servers, even if you delete them from youtube. I remember that they had tools with which you could get your videos, deleted or not, in the original upload quality. I'm not sure if they're still available, but they will definitely not delete video files from their servers for a good while because of reasons such as these hacks, and they can be restored after the dust settles down.
@CsabaTothMr
Жыл бұрын
YT should be able to recover them IMHO, but that might not be the reality.
@xWood4000
Жыл бұрын
@@leonro I don't remember the source anymore but I believe someone said that the videos are actually deleted from atleast some CDNs
Looks like this exact thing just happened to LinusTechTips. And yea, the powerless feeling as a person who cares about a channel is strong. We have to sit back and watch the hacker delist/delete videos and post their scam live stream while we can do nothing. I can't imagine what it would be like to be the channel owner right now.
@Nomi-D-Yagami
Жыл бұрын
Yes but it's finally recoverd
@laurapeterson146
Жыл бұрын
Yes. Like, how can we small channel owners even contact Google support once we got hacked (there is no way to quickly contact them because Google Studio support is, well, inside KZread Studio). And where / what is the form / method to recover our account? I think someone mentioned there is a Google form somewhere to input to, but where is that - not sure.
Sounds like Google could easily deal a crippling blow to the hackers just by requiring reauthentication for the password change request, but they don't/won't.
@KevinBenecke
Жыл бұрын
Sometimes one has to wonder just how much the hackers are paying Google to look the other way.
@robloxaalexx
Жыл бұрын
It's because they steal the password too. They steal everything you saved on your browser and most people save the password on their browser to not retype it.
@MacTX
Жыл бұрын
@@robloxaalexx This KZread hack/attack steals something much more valuable, your browser's session security token. This isn't the early 2000's where all you needed was to steal someone's username and password. We have 2FA now, a firewalled 2nd generated code that you get via SMS or through an authenticator app if you want to make major account changes, like changing account ownership. Stealing password wouldn't do anything with 2FA as you still would need the 2nd factor. That's the entire point of 2FA, it's also why the SIM swap exploit started happening to high priority targets/individuals, far easier to social engineer someone at the cellphone provider than to break 2FA. And also why authenticator app 2FA has replaced SMS 2FA for a lot of people, it stops the SIM swap exploit. With 2FA in play, even if they had access to the channel, they couldn't change account ownership unless they had the 2nd factor. This attack is more an exploit of Google's protocols. For whatever reason, Google doesn't force a 2FA reauthentication for an account ownership change allowing the hackers to completely bypass 2FA. This attack is dangerous because it bypasses 2FA, not because it breaks it.
@KevinBenecke
Жыл бұрын
@@robloxaalexx A lot of times saving the password also keeps you signed in so when you return to the website, it goes right in unless you log out. Amazon does this. It doesn't sign you out unless you sign yourself out. Even the app on the phone does this.
@davidcobra1735
Жыл бұрын
They do ask you to re-enter the account password. What are you talking about? The hackers steal all the data in your internet browsers, including all of your saved passwords. It's why I don't save my passwords in the browser anymore. They got me with a pishing scam a couple of years ago but Google sent me a notification that a new device logged into my account and I immediately locked down the whole account seconds later and I changed the password. They did manage to sync all of my mails and browsing history and all that. Google's actually much better than other websites/services when it comes to this kind of thing.
This has happened where me and my friend looked up a streaming software and I luckily realised it was fake because it was an ad from Google. Google really needs to stop this
Thanks for the warning. Yeah, I am getting a ton of the fake sponsorship emails at the moment
@bookedsam
Жыл бұрын
0
What needs to happen at KZread to prevent this 1) Channel Name Change requiring another confirmation by 2FA 2) Name change for the account blocks live streaming for 1 day 3) If the changed name involves Tesla SpaceX MrBeast hold the account until someone can look at it
@Szklana147
Жыл бұрын
Google have to prevent changing password without 2FA/U2F authentication. It is a standard procedure on bank sites. Why that basic "feature" cannot be implemented in other services?
@mixer0014
Жыл бұрын
@@Szklana147What makes it even funnier is that most lower budget and importance websites like online games and forums have that feature in place.
@773Spair
Жыл бұрын
I would have 2) be a 1-week wait or so: 1 day isn't long for the scammers to wait, and I doubt many real account holders would be significantly hurt by having to wait a week.
@Airton2
Жыл бұрын
@@andymerrett it's both
@greatveemon2
Жыл бұрын
What if you lost your phone and you're still logged in? and when you want to change the number and password into your newly replaced phone but the problem is the 2FA is still sending the code to the phone that you have lost? And now suddenly google logged you out and locked your account after failing to enter the 2FA code.
The second you mentioned the scam site's claim of "doubling the crypto you send them", my mind immediately jumped to the RuneScape gold doubling scam. Glad we're on the same page! Great vid by the way! I've seen this happen to a number of channels I'm subbed to and always wondered how it happened. Great to finally have some background on it!
@rositatimmermans220
Жыл бұрын
It's ridiculous sounds especially a person the doesn't know how to used Them knew technology.
In the short 2 months of this year I've already seen like 5 channels I'm subscribed to get hacked
These tesla live hijacks have gotten really common. I am subscribed to a ton of channels old and new. These last couple of years every 3 months or so I see one of these tesla live streams in my subscibtion box. I can usually figure out whose channel it is from either the about section or the community posts, they don't tend to wipe those. You mentioned that these streams can potentially be up for hours before they are dealt with, but actually I've seen some online for days. Even with channels upwards of 500k subs.
@Twinklethefox9022
Жыл бұрын
Happened to someone I watched. I didn't know who they were so I unsubbed from them until I learned what the channel was. He got his channel back.
@martin0499
Жыл бұрын
Linus tech tips now
Three of the LTT channels just got hacked with this. Hopefully when a channel as big as LTT gets targeted, KZread decides to start paying attention to this.
@geraldh.8047
Жыл бұрын
Most likely, nothing will change. KZread is not run by competent people these days 😢
@DylanDurdle
Жыл бұрын
not likely going to amount to any additional by YT to do anything about this.
@CA_Hariharaniyer2023
Жыл бұрын
@@geraldh.8047 It has been like this for a decade. So it's nothing new
@Theunicorn2012
11 ай бұрын
Three of the LTT channels just got hacked with this. Hopefully when a channel as big as LTT gets targeted, KZread decides to start paying attention to this,
@officialyashvirgaming
8 ай бұрын
@@Theunicorn2012 Guys don't install Guardio chrome extension it will have full access over your browser, this means they are logging your COOKIES, PASSWORDS, Session Tokens , Refresh Tokens , Access_Token also. I do not TRUST guardio.
Linus getting hacked now 😭
Watching this because Linus Tech Tips got hacked yesterday and he referenced this video in his latest video.
@Theunicorn2012
11 ай бұрын
Watching this because Linus Tech Tips got hacked yesterday and he referenced this video in his latest video.
@Bruh_471
10 ай бұрын
@@Theunicorn2012Copycat
Your mention of doubling money in Runescape unlocked a core memory for me. Dude convinced me he had a secret dupe exploit and could dupe any item. I gave him my god staff. He kind of started at me for a minute, perhaps surprised that someone was that damn gullible, and then walked away. I learned a valuable lesson that day.
You uploaded this video a few days after a couple of channels I'm subscribed to changed to that tesla bs (a few weeks between the two incidents IIRC) and just had to watch it. When I saw LTT channels being affected I immediately remembered this detailed video. Linus and team are also aware of it, but sadly too late. I hope his mention of you on their latest video brings more people to your channel. Keep up the good work
9:00 Before this part, I had a bit of a moment of phobia of digital cookies of any kind, and I thought that's all they needed to hijack you. I was a bit relieved to learn that they didn't become that strong of a threat that not avoiding shady sites and ignoring scam emails can protect you. For a moment, it was an irrational fear of digital cookies before getting to this part.
@Twinklethefox9022
Жыл бұрын
So did I.
This is the second time Linus mentioned you. He needs to have you on his podcast or do a collaboration video. You've always been ahead of the rest of hacks and scams. More people need to subscribe to this channel to keep up with the cyber security trends.
@HighestRank
Жыл бұрын
No subs let's all rss to remove its blip on hacker's radars.
@TechnologistAtWork
Жыл бұрын
@@HighestRank was that even English? I have no idea what you're talking about.
@Reed_Peer
Жыл бұрын
Let's remember the fact he used to upload satirical tech guides back in 2015-2017
@TechnologistAtWork
Жыл бұрын
@@Reed_Peer so?
@Theunicorn2012
11 ай бұрын
This is the second time Linus mentioned you. He needs to have you on his podcast or do a collaboration vidso.
i know you probably wont read this thio, but i just gotta say... please never stop making content. I know the views are down, and you probably invest more time than its worth back in monetary gain, but you make some of the best, most consistent high quality tech content ive ever seen. and your core subscriber base knows that, even if a video has 200k views or 2 million views, it's gonna be of the same quality no matter what. one day youll be one of the greats. road to three mill.
@lovelost234
Жыл бұрын
Amen to that brother 👍🏾
@WolfWriterL.P
Жыл бұрын
yup!
Definitely an interesting and informative video... yes I am aware of this scam (i watch scam baiting content and this has been covered, and one even got hacked themselves and covered how it had happened). But you added more detail and is up to date, and reinforces awareness too :)
@lovelost234
Жыл бұрын
Which channel was that? I ask because I'm interested in the lessons they learned from being hacked. And what recommendations they gave to avoid it happening again.
Thank you so much for all you do for everyone that watches your channel. Hearing about these scams has been helpful to me as my email was hacked. I am watching out for everything now. Thank you
Thank you for keeping us informed of those techniques and how to get prevented!
Came here from the LTT Shout-out 😁
Sadly, this is not a new issue for KZread, for this has been going on for several years.
@sorbetkidyoutube
Жыл бұрын
@iii___iii Damn that's a long time. I wouldn't be surprised if it actually started when it first came out.
@rositatimmermans220
Жыл бұрын
It's true.
@rositatimmermans220
Жыл бұрын
Why would I change a password for this person it's a unique password to Each in individuals.
@chidubemanukwu
Жыл бұрын
How did you prevent this
Saw your channel being referenced by LTT so I came over to find our more about how these scams are happening and something that sounds so preventable by having companies retype username and password again for any security changes.
sometimes I miss your trolling videos but like you said you got burnt out on them and videos like this are very useful
Linus sent me here, glad you are spreading the word on this. Too many creatives are having their livelihoods threatened by this kind of BS.
I had to quickly download OBS a few weeks ago on my laptop and now I'm skeptical about downloading from the right source. Fantastic T-T
@S_Roach
Жыл бұрын
My go-to is to try to find it from a handful of (what I believe to be) safe download sites, such as cnet, or tomshardware. Some of those link back to the project's website, but that's fine. Preferred, actually.
@icecreamjunkie6790
4 ай бұрын
Did anything happen?
I was hacked a few months ago using this method; they started spamming crypto-shit with Tesla and Elon Musk, obviously. Fortunately, i was able to recover quick and didn't lose any data. Also, lots of my favourite youtubers have been suffering from this in the last few months, in fact, it happened like an hour ago for one of them. Thanks for the video, really instructive and interesting!
Just realised i visited one of these taken over channels a few days ago. It was a live stream (and it was live) but realised id seen it before and comments were indeed limited to 15 year members which i didn't understand at the time. Now it makes sense. Didnt watch it long enough to work out their scam
As a retired computer/Windows IT tech, I'm amazed how many people then and now fall for scams!!!! And, it will only get worse.....Great video Joe!!
@dead2selfShema
Жыл бұрын
Not all of us are geeks, it took me a long time to figure out how to get the drink holder on the desktop tower to come out, and calling geek squad to find out how to turn on the same desktop tower during a blackout to use the fireplace screensaver to keep warm until power came back on.
@zelowatch30
Жыл бұрын
Aren't you just glad Susan is finally leaving who allowed scams to run wild?
@DavidCruickshank
Жыл бұрын
@@zelowatch30 Cause the crypto bro that replaced her is going to be so much better 🙄
REally appreciate your well informed educational vids...we NEED this info!!
Watching this after Linus Tech Tips account hack is so bizzare
KZread should give YT partners unique "self-destruct codes" that could be entered into a secure Google form or app without needing the account credentials or 2FA. Entering one of these codes would then automatically revoke all active session tokens, reset all passwords and restrict all managed accounts to view-only, notify an assigned YT channel rep (or general YT Support if it's a smaller channel), and _irreversibly deactivate the account and all associated channels for a set period of time_ , say, 24 hours. Having a one-way kill switch like this would allow YT partners to instantly lock out hackers and keep them out, giving them precious time to work with YT to identify the source of the security breach, regain account access, perform a damage assessment, and rollback any channel vandalism if necessary. This isn't some new concept either. Plenty of websites allow users to end currently active sessions or suspend their accounts, either with a single click or by entering a password. The only thing Google would need to do is make these actions available to their partners in a way that is secure, reliable, and expeditious.
@ThioJoe
Жыл бұрын
I like this idea. There would have to be some kind of waiting period to change such codes though to ensure the hacker doesn’t just reset them as soon as they get in.
@gorkskoal9315
Жыл бұрын
do you have any idea how fast that'd go wrong? if people think youtubers hungery for that sweet google cash is bad now, just wait till that backfires and someone is goatse'd so hard they're pooping out dally the clones.
Thanks for this, Joe. Keep up the good work!
This is a dang informative video, even just regarding to how scams and virusses work.
1:10 that's now Linus... here after Linus got hacked also (successfully recovered and mentioned this video) 🙂
@leonro
Жыл бұрын
tbf LTT is also a toy channel, more specifically an RC fire truck channel
I was watching an episode of hak5 about session hijacking. The only way I can think of to get around that kind of attack is setting up your browser not to remember anything. But then you would have to log in every time you access KZread. Even then. Your session is still saved every time you click on something otherwise it would log you out.
@MaxPower-11
Жыл бұрын
It’s not practical to not store session cookies because then every user interaction with the remote site will require reauthenucation. Probably the best KZread could do is have a defined set of actions which *always* require MFA like changing the channel name or password.
@S_Roach
Жыл бұрын
@@MaxPower-11 Shouldn't even require MFA. Not everyone has that enabled. Should require you to log in again, and MFA if you have that enabled.
@MaxPower-11
Жыл бұрын
@@S_Roach The reason why MFA (vs. just re-entering the user’s password) would be highly preferred in the scenario presented in the video is that if the victim is infected with malware that’s sophisticated enough to steal local session cookies, it could potentially also capture the current (and new) password when it is entered by the user.
@ghost-user559
Жыл бұрын
Honestly for the time being this world be the only truly effective solution until something is done about this.
Hi ThioJoe, there's another scam as well which impersonates the youtuber and tells you to download signal because you have won some type of prize and what they do is tell you to pay for shipping and you get nothing. Of course, it isn't as bad as what you mentioned but they still harass you constantly.
@bitelaserkhalif
Жыл бұрын
I call them cirno bots Because some of them use same number with cirno AKA circle 9
@JoshuaDDales
Жыл бұрын
I've encountered a variant of this where the scam account tells you to go to a Telegram account.
@selfharm27
Жыл бұрын
@@bitelaserkhalif Mmmmmm cirno bots
I’ve been seeing a lot of channels I’m subbed to get hacked, thanks for speaking out about this problem
As a webdeveloper, I must say it's pretty dumb that they don't encrypt the cookies including the user's IP (and maby other fingerprints), its pretty basic.
@itskdog
Жыл бұрын
Even if the browser encrypted the cookie on-disk, it would still need to be decrypted at some point to send it to the website, so it can just wait until your browser decrypts then inject itself and scan the memory.
ive seen one of destiny 2 content creator Toadsmoothie get hacked and after made a video about it, he stated a person who he inspired to become a ytber reached to him and aided him step by step on what to do and he got a physical key to his channel and thats one of the only ways he can keep his yt account safe
Giving big creators the option to report hijacked channels may backfire. As soon as this new feature would be introduced, scammers could use it as another source to scam people out of their channels. "We've taken down your channel because of a report on behalf of x. Click on link y to be taken to the (not so real) report form", continuing the cycle as compromised channel owners will be like Yup. That's compromised, so that link must be real
@cekart
Жыл бұрын
Yup, as I replied in another comment, this very practice happens all the time in FB where digital mobs massively report an account so that FB bans it, and it is widely exploited because of the "anyone can report" policy. So putting a mechanism to report blocked/hijacked/owned channels is a bit more complicated than that.
I'm a member of a channel that this happened to. He made a twitter post telling us. Plus, I got an email that my membership had been paused so I knew something was going on.
You just described what happened to one of my favorite creators that I watch on KZread. Her account got hacked and she couldn't even get back into it because they had changed her password. I am going to forward this on to her so that she does not feel all by yourself.
Who else came here after LTT disaster?
@Theunicorn2012
11 ай бұрын
Who else came here after LTT disaster?
@juliusrule6216
11 ай бұрын
Um
@fedymunke8684
11 ай бұрын
What’s the LTT disaster
@BoilingDietCoke
9 ай бұрын
It is not remotely over, LMG is in big trouble. Fraud.
@BoilingDietCoke
9 ай бұрын
@@fedymunke8684Gamer Nexus explains.
If you’re using any browser in Linux, Google does ask for the current password in order to continue with sensitive changes. I think it will ask you for the current password every time if you’re logged into an account under incognito mode, which in this case would be the bare minimum.
@AkiraElMittico
Жыл бұрын
Exactly , that's what I thought , this only affects Windows users then.
@johncoops6897
Жыл бұрын
@@AkiraElMittico - Rubbish. It has nothing whatsoever with the operating system.
@theftking
Жыл бұрын
So if the hacker that has compromised your account and is now trying to make sensitive changes _isn't using Linux,_ it's useless. Doesn't make any sense. This isn't related to operating systems.
This is very important video for each KZreadr thanks for making this video THIO
What I got from reading Jason's response is that it feels like KZread is so large and the number of people they hire to do all that customer support is also very huge that giving them all access to some form of internal admin system would be a risk in and on itself, or something like that.
Linus tech tips just got hacked lol
And now, Linus Tech Tips is the victim to this. I actually had few of my favourite KZread channels or channels that I subscribe to that had their account hacked to promote crypto, Tesla, or something. Aside from Linus, one channel focus on making satirical VHS videos and one had over 10k subscribers. Fortunately, both eventually got their account back. On a side note, I am also a victim of KZread account being compromised, but thankfully, my account did not get changed to promote illegal schemes. In fact, KZread and Google temporarily disabled that account to protect it from crypto or Tesla hacks. This was one of the most stressful times of my life because my Google account is important for me (not just for you to but also for keeping photos and keep notes), but thankfully, I got my account back.
Are cookies and local storage currently secured in many cases? Or can pretty much any running process access them? If it's used for session initiation/management/tracking/termination, I think said files should be protected by access permissions and/or encryption. Maybe guarded by a credential management account on the OS? No automated access to said data?
Thanks for your insight on this. So to reduce the risk on getting hacked we could also just log out from our login session. Or delete the cookie manually so we have to use 2FA next time. Like a workaround. But ofcourse it starts with not downloading malicious software. Furthermore it feels like KZread support team is being (partly) hired or run by external companies. Some support staff don't speak correct English, don't know about their own FAQs and I had to tell them what was in their own FAQ. Especially with chat support.
@takufner
Жыл бұрын
I saw some videos about the hack mentioned here and read a lot of comments! This is the first time I see mentioning this logout approach... The local cookie in your machine is tied to a session in the server! If you log out from your machine, that session will stop working and the stolen cookie will have no use anymore! Hacker will not be able to access your account anymore! Is there something wrong with this approach? I'm not an expert, so I'd like some validation about this. Thanks.
@VelnixFilms
Жыл бұрын
@@takufner As a software developer I can tell you that just logging out from your machine (read: windows log out / shut down) isn't enough. Your cookie is stored locally, and it's stored, so it's somewhere on your PC and remains until you remove the cookie or invalidate the cookie. By logging out from your KZread account, the cookie will be invalidated. Or you can delete the cookie manually (and after refresh, you will be logged out). Or you can use incognito mode, so it doesn't save the cookies and only use the cookies one time. But thinking about this approach makes me uncertain if it's 100% waterproof. What if you log in again, and at that particular moment the hacker comes in? Then he will have access probably. My approach would probably not give 100% safety, but might lower the risk of getting hacked. Especially at inactive moments on KZread (like why would you keep your logged in session open while you're not even using YT that day on your PC). Even more important is keeping hackers away. My approach is just some theoretical thought of me :)
This makes me question of Google/KZread has a security department. Even if it's one person, they should be on top of these issues.
@Theunicorn2012
11 ай бұрын
This makes me question of Google/KZread has a security department. Even if it's one person, they should be on top of these issues.
@officialyashvirgaming
8 ай бұрын
@@Theunicorn2012 Guys don't install Guardio chrome extension it will have full access over your browser, this means they are logging your COOKIES, PASSWORDS, Session Tokens , Refresh Tokens , Access_Token also. I do not TRUST guardio.
Who came here after waching Linus channel hacked?
This was one of the most informative videos i have ever watched concerning scams. Thanks so much, youtube needs more videos like this one!!
I've seen this before, same as you said. They receievd a sponsorship email, clicked on the link and the hacker changed the channel name, banner, locked out the owner of the channel and put every video on private. The hacker started a live streamed untill it got banned by the utube AI. Crazy part is the Channel owner was not responsible for the hack, hes assistant who had a been added as a secondary owner was the one who clicked on the link. After sone time the issue was resolved but in the meantime when people see a channel name who they do not recognise who streams crypto stuff people unsub.
A lot of bigger channels falling victim recently and I was absolutely shocked that the cookies can be used from multiple locations and there is no 2FA prompt for changing the channel name or the 2FA methods. Security 101, you don't allow 2FA to be changed without authenticating.
Coming back to watch after LTT got hacked, media companies seriously need to implement solutions to solve this annoying problem.
@gorkskoal9315
Жыл бұрын
Like what? This the most 90s problem ever: if you get an attachment: scan it with an antivirus first? these days can even use your favorite cloudbased email. gmail, or skydrive or hotmail or what ever else is out their to check files.
i missed this video but came here from Linux Tech Tips who got hacked and referenced this video, giving ThioJoe a shoutout
Thanks so much for alerting us to these tricks. You do it well and it is appreciated.
The cookie thing makes no sense to me because the website can still check for the IP and browser ID. There can also be ways to identify a device, to see if it's one that was used before or not. Lastly, settings should most definitely require verification. I definitely agree with the end of the video.
@johncoops6897
Жыл бұрын
There is not really such thing as "browser ID". We wanted to remain anonymous, ya know.
@MightyDantheman
Жыл бұрын
@@johncoops6897 There is if you look it up. But outside if that, haven't you seen "Trust this browser" or "Trust this device" before? There's all sorts of tracking methods, some of which have existed for over a decade. There's even new technology being developed to rely less on cookies.
Thank you Joe! Always on the piece❤
Many thanks for alerting me to current scam techniques. Like you I am a skeptic to the point some might say of being paranoid. But my roots in taking care go back a long way to the days of 8" floppies. Backup, backup, backup was the battle cry of the day. It still applies but malicious web-based attacks are a whole different ballgame. When I first learned to program it took little time to realize that the only people who control computers are the people who write the programs that run on them. So again, thankyou for taking your time to bring modern gotchas to te attention of anyone who cares.
I'm very worried for all the channels that don't get brought back.
I had this happen to me and I lost thankfully only $130. All my passwords and accounts were compromised and thankfully I knew pretty quickly what was going on, so I changed all of my account's passwords. (Had them all in an excel). It was so strange to see my youtube account posting tutorial videos, and quite scary. It could have been a lot worse, Don't download sketchy things!
@kunka592
Жыл бұрын
Use a local password manager. Like KeePass or something.
@ethanoverwatch407
Жыл бұрын
@@kunka592 That would be wise and probably easier, but I enjoy being able to store other stuff too (eg. 2FA backup codes & such)
@RunicSigils
Жыл бұрын
Or you could just simply not shill garbage to people. You know who this wouldn't happen to? People that only work with products that they actually know meaning they're far less likely to be caught up in this because they'd already know the signs that it's a scam. If you're willing to shill random things for money you deserve to lose everything.
You got a shout-out from Linus of LTT. Congrats!
There are some hackers that spam family guy compilations on the hijacked channels. Very ridiculous.
I would like to see an update where there are the options for following, and the user can opt in -on a slider or something like windows UAC-thinking about the most stricter options (and branded as heck as the handles were): -If you want to comment you have to give your password once a day (minimum time-value, can be longer auth-ed period), -If you want to upload, or stream give a 2fa confirmation, every time (eg because of mass upload listings or preparation: 1 hour cooldown, when the system asks again for it (running stream auth.-ed) -If you want to delete, or change anything serious (name, handle, profile pic, videos etc) full 2fa. The modifier of this switch behind a full login+2fa. I bet many of the stolen channels' creators would live with these options. For a normal youtube consumer not a real issue.
I check the community post tabs to see what the channel once was. Usually that stays when the videos get wiped
Btw what happened to the audio track feature?
Saw those same fake Elon live streams a few days ago and was wondering what was going on. Thank you for the information!
Finally, someone speaking in detail of this. What else is left to talk about? Comment bots, scam bots and now this. KZread needs to do something, pronto!
I saw a comment about using a hex editor but that is kind of "difficult' for a regular user. Another way to remove that empty space that makes the file larger is to take the exe and compress it, once it's compressed without a password you can upload it to virus total and check it. The malware regularly has a password to avoid getting detected.
LinusTechTips just got sniped with this
Apparently two of Linus's channels now
@MistyKathrine
Жыл бұрын
3.
Thio with the Runescape acknowledgment - the _exact_ same thought I had when I first heard people were falling for the "doubling your money" streams. More people need to develop a crippling addiction to MMORPG experiences so this can all be avoided.
A couple KZreadrs I watch were hacked in this way not too long ago. It turns out the hackers didn't mess with the community tab though, so I could figure out who it was that way.
and now LTT is hacked by the same guys
Hackers don't just "get in" like they do in the movies, the victim always has to allow them in by downloading a file or clicking on a link. People need to be more careful...
@FeliciaMitchellOfficial
7 ай бұрын
What to do exactly Mate
Yea bro , I agree with you , I had a youtube channel of Windows TIPs and had around 50k subs but it got hacked . Tnx for sharing the news
there's a smaller youtuber i follow, who works as an editor for a big youtuber, and the hackers were trying to get to the big youtuber's account and ended up getting into the smaller youtuber's account. the big account got the whole tesla scam livestream crap, but the smaller youtuber had his channel deleted and none of the youtube tools for recovery were working. luckily eventually google managed to get his channel back, but it took i think over a week
Who's here after the LTT hack?
Since the beginning of this year, almost weekly I receive emails that appear to be from some of my KZread subscriptions complete with their channel photo telling me to contact them on one site or another (not on KZread or an email response) because I won a prize. I just delete them but I feel bad for the people who actually run these channels here. I should probably tell them in their comments that this is going on.
@S_Roach
Жыл бұрын
I report them. I did that on another channel, that tagged me in a comment, just a few minutes ago. The replying comment copied the channel name, but added an underscore to it. Click on the vertical ellipses beside a comment, on the right-hand side, and select "report" from the very small number of options, (currently, the only option, as far as I can see).
@fredericapanon207
Жыл бұрын
I try to add a reply to a post by the channel owner telling them about @ThioJoe's Spammer Purge videos.
A popular music channel called ambition music just got hacked a few hours ago. It has over 1 million subscribers and now the hundreds of music videos are gone and replaced with videogame hack scams and a live crypto scam stream, also it was renamed to microstrategy.
I'm really disappointed that more endpoint security tools aren't doing behaviour analysis. There are so many ways to run malware in a fileless manner, traditional methods of malware detection just don't work.
Here from LTT. Learned some really useful stuff today, thank you
Whose here from LINUS TECH ?
@SADXGamer4
6 ай бұрын
Me!
@C-T_gaming51
5 ай бұрын
Me
@C-T_gaming51
5 ай бұрын
Me
@C-T_gaming51
5 ай бұрын
Me
@Fuckyouyoutube0204
5 ай бұрын
Your mother works for Linus tech jk
A+Start just got hacked today using these techniques. One of my favorite channels to watch: gone by some stupid scammer scumbags.😡 Stay safe!
Oh, this recently happened to a garage kit painter my boyfriend watches. It was resolved relatively quickly but it resulted in her losing a significant chunk of subscribers because the hackers hide every trace of the person’s existing content.
@theftking
Жыл бұрын
That seems unlikely: nobody unsubscribes to a channel simply because the content went missing. If anything, it's more likely they just never access said channel ever again. Nobody unsubscribes from channels in general. This is why KZread changed to the algorithmic homepage; everyone is still subbed to random stuff from 9 years ago that they aren't interested in anymore. There's an _opportunity cost_ to it (you can't make new content and gain new subs while you're hacked), but you won't lose any meaningful number of subscribers simply because you were hacked and your videos are temporarily unavailable.
When cookies first appeared we were told they were isolated from each other. I guess they lied, or it changed, or hackers figured out ways around the blocks, and browsers never figured out how to prevent it
@bernardonegri5416
Жыл бұрын
They are isolated from each other. But at the end of the day, modern desktop operating systems are still stuck on security tactics of the 80's where any application running as user X can access all of user X's files and all files of every other application running as user X. There is nothing browsers can do about it. Which means a random exe you downloaded of the Internet has access to all of the files of your browser, including cookies and saved passwords.
They also achieve it by overtaking control over your channel after adding them as channel admins...
Here after LTT got hacked and just got back up. Gonna keep this in mind, eternal vigilance and skepticism.
This just happened to Linus Tech Tips
Those were constantly in my feed in the summer of '21. I had been learning about blockchains&crypto at the time, but had never searched anything about Tesla, Elon, or 'doge', yet it was everywhere. I haven't seen any very obvious jacked streams in probably about a year now. 🤔
It looks like it happened to popular gaming channel Did You Know Gaming yesterday as I was watching a video on another channel and suddenly got these weird notifications, it wasn't until I looked this morning that I found what had happened
If Google and KZread are very serious about the safe of their users then they should start to take down these channels before user click something that malicious or a scam.
Web servers should not authorise cookies which are being used from an IP that is in a completely different country. . This protocol is pretty easy to add. .