Hi, this is Wayne again with a topic “Why YouTubers Are Getting Hacked”.
If you’re a regular viewer, you probably know we got hacked recently with the tech, quickie videos, you know and love replaced by everyone’s favorite streams, operated by crypto scammers, oh boy, over on our sister Channel Linus Tech tips. We have a video detailing exactly what happened, but the upshot is that a compromised email attachment stole session tokens from a computer here at the office. Basically, the part of a web browser cookie that tells a website that you’re logged in cookie theft often allows an attacker to access accounts without knowing the password and it’s become a relatively common way for YouTubers to get hacked. But why is it so easy before we dive into the answer, we’d like to thank fellow YouTuber Theo, Joe for his thoughts on the situation, go and check out his channel when you’re done watching this? The reason why so many YouTubers have gotten hacked recently boils down to a trade-off between convenience and security.
You see YouTube along with, basically any other website that requires you to log in can ask you for your credentials at any time, but it’s how often they decide to do this or not do this, that can mean the difference between you staying safe and getting hacked. Here’S what I mean, although it would be extremely annoying for YouTube, to ask us for our password every time we try to do something simple, like upload, a video or change a thumbnail. It might behoove YouTube to ask for passwords when making a major modification such as I don’t know, changing the name of the channel which Google doesn’t do consistently another potential red flag that YouTube could pay attention to is when the IP address of the logged in computer Changes, although there are totally innocent reasons for this to happen, such as taking your laptop on a trip or logging in to a VPN or your ISP, just reassigning you a new one. It could also be because an attacker has stolen your cookie and is now logged in from elsewhere, but it doesn’t appear that Google consistently asks you for your password again in this situation either. These are fairly simple precautions.
So it’s a bit of a mystery. Why? Google doesn’t already pick them, but if we had to guess which we’ll be doing since YouTube didn’t get back to us. When we reached out for comment, it’s likely to cut down on how often creators are asked to punch in their credentials, which can be annoying. But even if you agree that YouTube has struck the right balance between security and usability, there are still more ways they can prevent these attacks after the hacker has gotten the password and we’ll tell you about them right after we think MSI for sponsoring this video msi’s Radix ax 6600, Wi-Fi 60 router is the perfect addition to any gaming setup with transfer speeds up to 6600 megabits per second, you can enjoy interference, free Wi-Fi for uninterrupted gaming, UHD video streaming and live stream broadcasting plus with AI, enhanced qos gaming.
Packets are automatically prioritized and you can easily switch between preset modes using the Dragon shield button or the app with a heavy duty, thermal design and a powerful 1.8 gigahertz quad-core processor, the Radix axe 6600 Wi-Fi router can handle high performance workloads with ease check it out Of the link below and upgrade your Wi-Fi experience today, strengthening two-factor authentication should also be high on Google’s list of security priorities. Although YouTube and other Google services obviously support 2fa already, you aren’t asked to re-verify on your two-factor device on a computer you’re already logged into meaning that if a rogue file attachment contains a key logger, the attacker can just re-enter your password onto your stolen session. With a good chance, they won’t be asked for that. Second factor that only you have it’s like having a guard dog, that’s just sleeping on the job.
What took our dog stream of to be fair to Google? They do have a more advanced tool called context aware: access for Enterprise users that allows the white listing of only certain IP addresses, which prevents a far away attacker from logging in, even if they have all your credentials. But the problem is that only specific Google Apps such as drive and Gmail support it. You can’t lock down an entire account that way, so it does nothing for YouTubers trying to protect against the hack and speaking of locking down accounts. Perhaps the biggest elephant of the room is that, regardless of what security measures YouTube offers, Google doesn’t seem to be proactive with how they respond when channels are hacked instead, relying on the creators themselves to notify them of a problem. This is even true. If you have millions of subscribers – and you think as big as Google is they’d – have some kind of algorithm to detect when major channels might be compromised. Of course, we do recognize that Google has a tough job deciding how to strike that balance between usability and security, and our reps at YouTube have been good to us, but there’s always room for improvement, including with our security practices here at lmg. Hopefully, this video has shed some light on why these attacks are happening with more frequency, and we also hope this is the last time this channel is used as a conduit for crypto scams.
We’Ve all lived through enough of those already yeah, it’s awesome. So thanks for watching guys, if you like this video hit like hit, subscribe and hit us up in the comment section with your ideas for topics that we should cover in the future, we were hacked .