Popular YouTube Channel ‘Linus Tech Tips’ Suffers Hack
Linus Tech Tips, along with two other Linus Media Group YouTube channels, have been reinstated following a major breach that enabled a malicious actor to carry out activities such as streaming fraudulent crypto videos, modifying channel names, and erasing videos. Owner Linus Sebastian explained in a recent video that the breach was able to bypass security measures such as passwords and two-factor authentication because the attacker targeted session tokens that maintain users’ login status on websites. Linus revealed that a team member from Linus Media Group downloaded what was believed to be a sponsorship offer from a potential partner, which was actually a malware-containing attachment that gave the attacker access to all user data from installed browsers, including session tokens. As a result, the attacker had an identical copy of the browsers and could cause damage without requiring security credentials.
What are session tokens?
A browser session token is a unique identifier generated by a web application or website when a user logs in, used to maintain their session and authenticate subsequent requests. The token is stored in the server’s memory and sent to the user’s browser as a cookie. When the user sends a request to the server, the token is checked for authenticity. Session tokens have an expiration time, after which they become invalid, ensuring the user’s account is secure. In summary, browser session tokens are an efficient and secure way to maintain user sessions and authenticate user requests.
In a segment on the Linus Tech Tips podcast The WAN Show on Friday, March 24th, Luke Lafreniere stated that the attack occurred because the malware signature was not recognised by their signature-based antivirus. Although their security processes generated an alert, no automated actions took place in the middle of the night once the compromised system was identified.
Following the recent hack, after which the channels Linus Tech Tips, TechLinked, and Techquickie were restored, Linus has offered some recommendations to YouTube to avoid future breaches of a similar kind. He suggests implementing increased security measures for certain channel features, such as requiring passwords or two-factor authentication to change the channel name. He also recommends adding a verification request for any attempt to delete videos in bulk.
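The session-token description and the recommendation to ask for credentials again before sensitive channel actions can be shown together in one sketch. This is an added example, not YouTube's or Linus Media Group's code; the class, the action names and the time limits are assumptions made for illustration.

```python
import secrets
import time

SESSION_TTL = 8 * 3600   # assumed session lifetime, in seconds
REAUTH_WINDOW = 300      # assumed: sensitive actions need a credential check in the last 5 min
SENSITIVE = {"rename_channel", "bulk_delete_videos"}  # hypothetical action names

class SessionStore:
    """Server-side session table keyed by the random token the browser holds as a cookie."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}

    def login(self, user):
        # Called only after password and 2FA have been verified elsewhere.
        token = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[token] = {"user": user, "expires": now + SESSION_TTL, "last_auth": now}
        return token

    def authorize(self, token, action):
        """Return 'allow', 'reauth_required' or 'deny' for a request carrying this token."""
        session = self._sessions.get(token)
        if session is None or session["expires"] <= self._clock():
            return "deny"
        # The token proves an earlier login, not who is presenting it now.
        if action in SENSITIVE and self._clock() - session["last_auth"] > REAUTH_WINDOW:
            return "reauth_required"
        return "allow"

    def reauthenticate(self, token):
        # Called only after the password / 2FA prompt has been passed again.
        if token in self._sessions:
            self._sessions[token]["last_auth"] = self._clock()

def demo():
    now = [1_000_000.0]                      # constructed clock value
    store = SessionStore(clock=lambda: now[0])
    token = store.login("channel-owner")     # constructed user name
    now[0] += 3600                           # one hour after login
    view = store.authorize(token, "view_dashboard")
    rename = store.authorize(token, "rename_channel")
    store.reauthenticate(token)
    rename_again = store.authorize(token, "rename_channel")
    now[0] += SESSION_TTL                    # past the expiry time
    expired = store.authorize(token, "view_dashboard")
    return view, rename, rename_again, expired
```

Whoever presents a valid token passes the ordinary checks until it expires; only the actions listed as sensitive require credentials the token alone does not carry.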
In a statement, YouTube spokesperson Elena Hernandez said, “After being alerted by the Linus Tech Tips team that their account was compromised due to unauthorised access, our team investigated the issue and worked with them to secure and restore their account.” YouTube have yet to speak out about how they plan to prevent this in future. Over the weekend, more than a dozen other channels on YouTube appeared to have suffered the same type of attack, resulting in malicious fake crypto feeds.
Lately, takeovers of YouTube channels like this have become more frequent. Implementing suggestions like Linus’ could potentially help to prevent such incidents from occurring again. It is recommended to watch Linus’ complete video explanation for further information about the incident. NOTE: The video contains security footage of a naked, yet blurred, Linus in his home as he investigates the situation.
How can you protect yourself from this type of an attack?
Not all businesses operate 24/7/365; however, malicious cyber attackers can target your business at any time of day. Implementing a Managed Endpoint Defence and Response Solution backed by SIEM, alongside your antivirus, is like having a 24/7 security team protecting all of your business endpoints to prevent these types of attack from slipping through the net.