Hey, @linusgsebastian and @luke_lafr
I can see you are already restoring the @LinusTech YouTube channel from the hack. Glad to see that.
This looks like this is that fake sponsor, browser intercept hack going on.
I know this may be annoying, but it may make sense to have all of your sales team use Chromebooks or Macs only for sales emails and avoid having them logged into the channel. I know sharing analytics to brands will be annoying if you do this, but it is worth it.
They are pretending to be a sponsor emailing that provides a brief to download, a demo of a game, clip to watch, or any number of things, but it’s actually a .EXE file. The moment you open it, it takes a snapshot of the browser, bypasses any 2FA, and then they have it automated to change your password, unlist all videos and then start rebranding and playing that scammy live stream.
I hope this helps. I know expanding a team so fast is difficult and has its growing pains. I can’t even fathom how hard it is for all of you to handle security and communication across so many people, let alone how you could even have the channel secured by sock puppet accounts as owners and admins, etc.
Hope this gets resolved and restored ASAP. Love all the stuff @LinusTech is doing and looking forward to seeing you at @LTXexpo!
So you're saying to ban using Windows due to scammers?🤔
Linus himself primarily uses Windows. I think they have a good grip on it like anyone else.
I'm 100% saying you should never use a PC for your brand sponsorship emails for as long as this exploit exists in this way.
You are making a lot of assumptions of how the attack was carried out and even if you are correct there are better ways to deal with this problem.
Do you want me to coddle you or tell you the truth?
If you have a better solution, share it instead of criticizing it. Be productive.
Starting with the assumption that this was a cookie hijack attack, it's possible that you are correct. However, Google has implemented additional measures to protect against these attacks, which makes me skeptical of your conclusion. 1/2 Source
blog.google/threat-analysis-…
Assuming hijacking was used, only 2 accounts should have the level of access used to lock users out from the channel, and they should not be used by anyone on a regular basis. This is covered by the PoLP.
Without knowing the specifics of the incident I think this is a reasonable response.
This is a much better response with valuable data that we can all gain from! Good job.
As for your skepticism, I can only say that it's the same thing I've been seeing for the past few years with the same outcome (the fake Tesla crypto scam live streams), so I have little reason to believe it is something different than what it has been.
The investigation wasn't done only by me but by other creators like @GeraldUndone and @aaronpk when our friend @ZavitzLee experienced this "same looking" hack.
So while we don't know "specifics," the friends we know who have been hacked, their testimony and research, and the resulting form or look of the hack's outcome is my reason for having the conclusions that I have.
The burden of proof, from my perspective, is on the claim that it is different. Google says they've worked to reduce comment spam, yet it still happens. They can reduce it, but it doesn't mean they have eliminated it.
This context, I would imagine, makes my position make sense.
I just woke up to this news and I 100% agree this is the same thing that's been happening to others.
Just because Google has added additional protection measures doesn't mean they have prevented 100% of cases.
There is also almost no other way this scale of attack can happen.
Ultimately the problem is running apps from the attacker. A Chromebook (or an iPad) is a great way to not have to worry about that. The malware could also be possible on a Mac, so for either Mac/Windows, just be careful to never open attachments outside the browser.
Mar 24, 2023 · 4:00 AM UTC
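
The lure described in this thread is a sponsor "brief" or "demo" that is really a Windows executable, so one defensive check is to screen attachments by content rather than by file name. The following is an added example, not code from anyone in the thread; the function names, the extension list, the size cap and the sample file names are assumptions, and the sample bytes are constructed.

```python
import io
import struct
import zipfile

RISKY_EXT = (".exe", ".scr", ".com", ".pif")  # assumed list, not exhaustive
MAX_MEMBER = 50 * 1024 * 1024  # assumed cap: larger members are flagged, not unpacked


def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    return data[pe_off:pe_off + 4] == b"PE\0\0"


def flag_attachment(name: str, data: bytes, depth: int = 0) -> list[str]:
    """Return reasons to quarantine an attachment; an empty list means none found."""
    reasons = []
    if is_pe(data):  # content check ignores whatever the file name claims
        reasons.append(f"{name}: Windows executable content")
    elif name.lower().endswith(RISKY_EXT):
        reasons.append(f"{name}: executable extension")
    if depth < 2 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = f"{name}/{info.filename}"
                if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                    reasons.append(f"{member}: encrypted or oversized, not inspected")
                    continue
                reasons += flag_attachment(member, zf.read(info), depth + 1)
    return reasons


def fake_pe() -> bytes:
    """Constructed sample: only the MZ and PE signatures, not a runnable program."""
    return b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 16


def zip_with(member: str, payload: bytes) -> bytes:  # constructed sample: in-memory zip
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, payload)
    return buf.getvalue()


if __name__ == "__main__":
    print(flag_attachment("sponsor_brief.pdf", fake_pe()))
    print(flag_attachment("media_kit.zip", zip_with("brief.pdf.scr", fake_pe())))
```

A check like this only covers Windows PE content and zip containers; other archive formats and script-based lures need their own handling.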