One of my favorite tech YouTube channel: Linus Tech Tips, boasting over 15 million subscribers, was hijacked by a malicious actor using it to promote a cryptocurrency scam. The attackers appear to have compromised the channel by changing its handle from @LinusTechTips to @teslaliveonline1.
The scam involves a ripped recording of a 2021 session from The ₿ Word conference featuring prominent figures such as investor Cathie Wood, former Twitter CEO Jack Dorsey, and current Twitter CEO Elon Musk. The malicious live stream uses keywords involving artificial intelligence, GPT-4, and OpenAI to attract viewers.
A QR code and URL direct users to a Tesla-branded website claiming to offer a crypto giveaway worth $100,000,000. The scam follows a classic money-doubling scheme, promising to pay back double any Bitcoin, Ether, Dogecoin, or USD Tether sent to a designated address.
Linus Tech Tips, created in November 2008 by Linus Sebastian, went on to spawn Linus Media Group in January 2013. Headquartered in Surrey, British Columbia, Canada, Linus Media Group has been a leading content creator in the tech space.
YouTube has since taken down the hijacked Linus Tech Tips channel, with visitors now encountering a message stating, “This account has been terminated for violating YouTube’s Community Guidelines” when attempting to visit the channel’s old non-handle URL. However, the attackers have now also hijacked two other Linus Media Group channels: Techquickie and TechLinked.
All videos newer than seven years old on the compromised Linus Tech Tips channel have been deleted or made private. The incident serves as a reminder for users to remain vigilant about potential scams and the importance of securing their online accounts.
Here are some steps you can take to ensure your channel’s security:
Use a strong password: Create a unique, complex password for your Google account associated with your YouTube channel. Combine uppercase and lowercase letters, numbers, and special characters. Avoid using easily guessable information such as names, birthdays, or common words.
Enable two-factor authentication (2FA): 2FA adds an extra layer of security by requiring a verification code in addition to your password when logging in. This code can be sent to your phone via text message, generated by an authentication app, or obtained through a security key. Enable 2FA for your Google account by visiting the Google 2-Step Verification page.
Regularly update your account recovery information: Keep your account recovery email and phone number up-to-date, so you can regain access to your account if it gets compromised.
Be cautious with third-party apps and services: Only grant access to trusted third-party apps and services that require your Google account credentials. Regularly review and revoke permissions for any apps or services you no longer use or trust.
Use a secure email provider: Choose an email provider with a strong reputation for security and privacy. Features like end-to-end encryption and secure authentication methods can help protect your account from unauthorized access.
Be wary of phishing attempts: Be cautious when clicking on links in emails or messages claiming to be from YouTube or Google. Always verify the sender’s email address and check for signs of phishing, such as poor grammar or spelling errors. If in doubt, visit the official website directly by typing the URL into your browser.
Educate your team: If you have multiple people managing your YouTube channel, ensure they are aware of the best security practices. Encourage them to use strong passwords and enable 2FA on their accounts as well.
Monitor your account: Regularly check your YouTube channel for unauthorized changes, such as altered video titles, descriptions, or deleted videos. Set up notifications for any account activity to stay informed about potential security issues.
With these best practices, you can significantly reduce the risk of your YouTube channel being hacked and ensure the safety of your content and subscribers.
Last Updated on 06/05/2023 by Emmanuel Motelin
