Ansari
Mar 27 • 10 tweets • 3 min read
Recently the @LinusTech YouTube channel got hacked. Here's a breakdown 🧵 of how the hacker managed to get access to the channel 👇
YouTube channel takeovers have become increasingly common and a recent hack targeted Linus Tech Tips and other Linus Media Group channels. The hack bypassed password and two-factor protections by targeting session tokens that keep users logged in to websites.
But what exactly is a session token? 🍪
A session token is a unique identifier that a website creates when a user logs in. It's stored on the user's device as a cookie or in local storage, and it's sent with every subsequent request to the server.
The server uses the session token to identify the user and grant access to protected resources. For example, if you log into your email and then try to access your inbox, the session token tells the server that you're authorized to view your messages.
[Image: session token authentication flow]
Session tokens are often used in place of constantly asking for a username and password for each request. They also have an expiration time to ensure that users are logged out after a certain period of inactivity.
In the case of the Linus Tech Tips hack, the hacker was able to access session tokens and effectively gain access to the browsers of Linus Media Group's team members. This allowed them to make changes and take over the channels without needing to enter any security credentials.
Linus explains that the cause was a zip file they received from a source that looked authentic. When the zip was downloaded and extracted, the .exe file hidden inside was executed and the session tokens were shared.
To prevent these types of attacks, ensure that any file you download from the internet is from a legitimate source. Linus also suggested that greater security options for certain channel attributes, and confirmation or verification requests, are needed to avoid such incidents.
It's concerning that these types of #hacks are becoming more common on #YouTube. Hopefully, Sebastian's recommendations and YouTube's efforts will prevent future breaches and keep creators' channels safe. Stay vigilant and protect your online accounts.
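The token flow described above, together with the kind of confirmation request Linus suggested for sensitive changes, as an added example that is not part of the original thread. The account, the fixed one-time code, the 30-minute timeout and all function names are assumptions made for illustration.

```python
import hmac
import secrets

IDLE_TIMEOUT = 30 * 60  # assumed inactivity limit, in seconds
# Constructed account; a fixed code stands in for a real one-time code.
USERS = {"editor": {"password": "correct horse", "otp": "492817"}}
SESSIONS = {}  # token -> {"user": name, "last_seen": timestamp}

def _credentials_ok(user, password, otp):
    account = USERS.get(user)
    if account is None or password is None or otp is None:
        return False
    same = lambda a, b: hmac.compare_digest(a.encode(), b.encode())
    return same(account["password"], password) and same(account["otp"], otp)

def login(user, password, otp, now):
    """Password and second factor are checked once, here."""
    if not _credentials_ok(user, password, otp):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {"user": user, "last_seen": now}
    return token

def authenticate(token, now):
    """Runs on every request: whoever presents the token is the user."""
    session = SESSIONS.get(token)
    if session is None:
        return None
    if now - session["last_seen"] > IDLE_TIMEOUT:
        del SESSIONS[token]  # expired after inactivity
        return None
    session["last_seen"] = now
    return session["user"]

def rename_channel(token, new_name, now, password=None, otp=None):
    """Sensitive change: a valid session alone is not accepted."""
    user = authenticate(token, now)
    if user is None:
        return "401 not logged in"
    if not _credentials_ok(user, password, otp):
        return "403 re-authentication required"
    return f"200 channel renamed to {new_name}"
```

A token copied out of the browser passes `authenticate()` from any machine, which is why the hack needed no password or 2FA code. The re-check in `rename_channel()` is what still stands between a copied token and the change.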
If you enjoyed this thread, show some 💓 by liking, commenting, and retweeting my first tweet.

I share simplified concepts and tips that will take your tech, programming and productivity skills to the next level.

Follow @AmSorry_offl for more threads like this.
