Recently the @LinusTech YouTube channel got hacked. Here's a breakdown 🧵 of how the hacker managed to get access to the channel 👇
YouTube channel takeovers have become increasingly common and a recent hack targeted Linus Tech Tips and other Linus Media Group channels. The hack bypassed password and two-factor protections by targeting session tokens that keep users logged in to websites.
But what exactly is a session token? 🍪
A session token is a unique identifier that a website creates when a user logs in. It's stored on the user's device as a cookie or in local storage, and it's sent with every subsequent request to the server.
The server uses the session token to identify the user and grant access to protected resources. For example, if you log into your email and then try to access your inbox, the session token tells the server that you're authorized to view your messages.
Session token authentication flow 👇
Session tokens are often used in place of constantly asking for a username and password for each request. They also have an expiration time to ensure that users are logged out after a certain period of inactivity.
In the case of the Linus Tech Tips hack, the hacker was able to access session tokens and effectively gain access to the browsers of Linus Media Group's team members. This allowed them to make changes and take over the channels without needing to enter any security credentials.
Linus explains that this was caused by a zip file they received from a source that looked like an authentic one. By downloading and extracting the zip, the .exe file hidden inside got executed and the session tokens were shared.
To prevent these types of attacks, ensure that any file you download from the internet is from a legitimate source. Linus also suggested that greater security options for certain channel attributes, along with confirmation or verification requests, are needed to avoid such incidents.
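An added example (not from the original thread, and not YouTube's code): a minimal server-side session store showing the flow described above, where the password and second factor are checked only at login and every later request is trusted on the token alone. It also shows the idle expiry mentioned earlier and a re-authentication check before sensitive changes, in the spirit of the confirmation requests Linus suggested. The class, method names and timeout values are assumptions made for illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 30 * 60   # assumed value: seconds of inactivity before a session expires
REAUTH_WINDOW = 5 * 60   # assumed value: max age of the last credential check for sensitive actions


class SessionStore:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}  # token -> {"user", "last_seen", "last_auth"}

    def login(self, user, password_ok, second_factor_ok):
        """Password and 2FA are verified once, here. Afterwards only the token is sent."""
        if not (password_ok and second_factor_ok):
            return None
        token = secrets.token_urlsafe(32)  # unguessable random identifier
        now = self._clock()
        self._sessions[token] = {"user": user, "last_seen": now, "last_auth": now}
        return token

    def authenticate(self, token):
        """Return the user for a live token, else None. Whoever presents the token is treated as the user."""
        session = self._sessions.get(token)
        if session is None:
            return None
        now = self._clock()
        if now - session["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[token]  # expired: the user must log in again
            return None
        session["last_seen"] = now
        return session["user"]

    def reauthenticate(self, token, password_ok, second_factor_ok):
        """Step-up check: the credentials are asked for again inside an existing session."""
        if self.authenticate(token) is None or not (password_ok and second_factor_ok):
            return False
        self._sessions[token]["last_auth"] = self._clock()
        return True

    def authorize_sensitive(self, token):
        """Sensitive changes (e.g. renaming a channel) need a recent credential check, not just a token."""
        if self.authenticate(token) is None:
            return False
        return self._clock() - self._sessions[token]["last_auth"] <= REAUTH_WINDOW
```

With only `authenticate`, a copied token is as good as the password and second factor until it expires; `authorize_sensitive` narrows what such a token can do without a fresh credential check.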
It's concerning that these types of #hacks are becoming more common on #YouTube. Hopefully, Sebastian's recommendations and YouTube's efforts will prevent future breaches and keep creators' channels safe. Stay vigilant and protect your online accounts.
The typical way of creating a React application is
`npx create-react-app myapp`
Right? But with this simple command, you end up installing more than a thousand node modules.
Gladly, this is not the only way to create a React app.
Alternatively, you can create it by installing only the required modules one by one. That is a time-consuming and tedious process for starters, though some may recommend it. But there is a life saver: @vite_js