This YouTuber Got Banned Today.
Vložit
- čas přidán 22. 03. 2023
- FACT CHECK SHEET ►bit.ly/MogulMailCorrections
follow me on twitter ► / ludwigahgren
follow me on tiktok ► / ludwigahgren
follow me on instagram ► / ludwigahgren
join my subreddit ► / ludwigahgren
LINK TO EVERYTHING ► wlo.link/@ludwig
This Video Took 3 Takes
#mogulmail #ludwig
Linus a real one for sending memes on twitter when his 15 year long channel is banned
@Lol okay idk if you're serious but he just used the R-word 20 ish years ago, no n-word
@@hakanbrakankrakan they jus memeing foo
@@chase_876 yea ive seen the clip I just put it out there in case lurkers take it at face value
@Lol okay he doesnt, what you are referring to is out of context, he was talking about how he USED to use the hard r, but hes changed and feels uncomfortable even hearing it now
@@hakanbrakankrakanit’s so strange that people are fine with the r word but not the n word. just interesting to see where society draws the line.
edit: some of you guys have compelling points, but to me calling someone a retard seems offensive to people with disabilities because traditionally it’s been used as a derogatory term. I just thought it was peculiar how everyone breathed a collective sigh of relief when they realised Linus was ONLY saying a word offensive to disabled people. although yes, black people historically have been discriminated against more.
I was previously living in the reality where Linus got banned from youtube for not knowing what “hard r” meant
Yeah when I saw the title of this video I also thought Linus got banned because of that and was confused
To be fair I would say its "N word with the hard r" not just "hard r". Him just talking about "hard r" I had no idea what word he even meant at first, but then context revealed it was not the N word but the r word that used to be just normal word on the internet but now is bad.
@@Naesil89 Perhaps its a regional thing
@@aarontimmI agree, I've seen comments from people who said they used to think the same as Linus until that happened
@@Naesil89 it never was a normal word?
Hi Lud, the scam is actually more sophisticated than a password hack. They get the user to download and open what looks like a pdf but it’s an ics file. When opened, it copies all of the user’s Chrome cookies/session data and sends it to the hacker. This bypasses 2fa which means even if you have that setup, you can still get hacked.
Yeah, I think he needs to make sure he addresses this, cuz "it was just a phishing scam" really makes LTT look bad.
You can get your creds stolen & session cookie stolen w/o needing to download anything, to be fair.
I now know it was a different circumstance for this employee, but still worth mentioning so people don’t think “well I didn’t download anything, I must be good”
This also happened to me recently, i got an notification that there was a malware in my laptop so i thought just clicking scan and take action in windows defense is enough but apparently it isn't. My gmail and other social media and game accounts got hacked. I'm so pissed.
Yeah upvoting for visibility
Do you know a way to counteract that? I'm aware of things like Upsight security but I'm curious if there's a way to stop those without the need for Upsight.
One of my fav Japanese singers (Amatsuki) had this happen to him. Poor guy was so confused what was happening and japanese twitter was going wild. He was freaked out that all his years of songs were deleted but luckily he got his channel back and all his vids were ok.
Noo his music is so good im glad he got it back
omg amatsuki beloved !!!
Always use protection kids.
The fact that there already isn’t a permissions tier system is wild. As soon as you list your CZcams as a business it should give you a tier list of permissions where the creator or CEO can put passwords on the different permissions so when someone logs into the account using whatever password it automatically limits access to whatever permissions was associated with that password.
Those things exist, the issue was that it was very obtuse as to how to manage when one of those accounts is compromised. The video is up.
bro even MC has a permissions
Believe it or not linus and LMG are in talks with google to see what they can do retroactively but also to have them improve preventative measures as a platform. Their security is a massive joke thats long past being funny when your talking about million dollar businesses
That was the exact problem that happened. The permissions made it significantly harder to track down from where the breached session occurred.
Hi, person looking for Bots in the comments
Mogul Mail and Charlie are my only source of news at this point.
A perfect choice of the two
They're all the news sources we'll ever need
Same bro, they give the best news thi so its fine
For me it is the same except I add friendlyjordies
Two most credible news sources today tbh
This happened to me about a year ago, genuinely the scariest and most stressful day of my life, and the fact they’re able to get a channel as big as Linus’ is pretty concerning, a good thing to look out for, is the email domain to see if it’s a scam or not
It's even more concerning since Linus is a tech centered channel. People who aren't as tech savvy could end up worse.
poafa deez :troll:
this happened to billiam too!😢
They still have people.
Jim browning himself fell for a very sophisticated scam. No one is immune.
It's a little bit more devious than phishing for username/password in this case. The issue was that someone executed a file from a phishing e-mail and it directly grabbed a token which effectively grants access to the account. The "Hacker" didn't have to bother with mfa or passwords he could just change the name of the channel and update the stream keys since those don't require any password confirmation.
Crazy to see Linus was hacked, you'd expect a tech channel would be less susceptible to phishing attacks. It can happen to anyone so be careful!
They have a bunch of 'creatives' who work for them these days. Now those people probably don't have access to the actual channel, but when a company becomes large enough, more vulnerabilities start to pop up. I really hope in depth details are released on the exact scam, not about who got scammed, but exactly how it happened. I just don't see how anyone falls for this stuff. Like I understand how my parents could possible fall for something like this, but I really feel the need to know how a tech company could.
He also talked about how he fell for an email scam that scammed him for quite a bit of money a bit ago. I think people often think only ppl who are careless or less informed can fall victim, but it can happen to anyone
@@tk_kaine to linus's credit, it was a long game, elaborate scam that was making every interaction seem extremely legitimate until it was too late. They did manage to get the money back but it took a lot of effort
It was not a phishing attack. It was malware that steals browser cookies
Happened to Jim Browning too, who literally makes content about hacking people.
Lud is 100% right, not everyone who works on a YT channel needs the master key to do their job. The new CEO could get a lot of good will just by doing this one change.
Don‘t know what Ludwig has to do with Mister Mogul Mail but you are absolutely right
That and bringing Dislikes back.
My content is better than you
Even facebook has a system where you authorize users to perform specific actions on your site, but not more than that.
if facebook can do it, anyone can do it.
If you watch Linus's video on it they were using some kind of program that let them do that but it just made it worse.
That RuneScape pic brought back so many memories ❤
I remember when this happened to Rae and it took her and her team awhile to get her channel fully back to normal. If I remember correctly I think she even asked her chat if there was any stream vods or videos missing that her/her team missed. I hope youtube gets their shit together sooner rather than later but its youtube so highly doubt it
Taking down the channel while the hack was getting resolved was the best move so that people don't unsubscribe from them and people don't get scammed.
Noticed that fake live last night, was clearly suspect. People were donating so they could warn against the scam.
This happened 3 years ago to one of my fave small creators, took weeks for him to get the account back where he went without income and lost subs, I remember hearing about a decent size group of creators getting hacked around the same time. CZcams should have been onto it by now, waiting 3 years for it to hit a bigger name and get talked about isn't good enough
Damn this is really sad, I hope more creators get this information and CZcams acts on this, hopefully we won't have many more until then!
Yeah, this has been happening for a while now. I've seen a few reasonably-sized channels get hacked like this. This is just the first time they got to someone huge on the platform.
Well, recently anyway
I remember a fortnite channel appearing in my subscription feed a few years ago when drake played with ninja. I assumed that youtube suddenly subscribed me to the channel for some reason, but looking back, it was probably either a hacked channel or someone suddenly rebranding.
it happened to valkyrae a little while ago
happened to trueunderdawggaming like last month
Billiam last month too
Not nearly as big but it's wild how often it's happening
I’m surprised that CZcams hasn’t cracked down on mogul mail yet for impersonating ludwig
AI has gotten really good
scam ARTIST
ugh this joke has gotten so old -_-
@@Mysticbeee lmao forreal I swear when lud started talking about how he hates CZcams comments now a days I thought he was gonna say how every vid he drops there’s mad people making this same joke over and over lolol
@@Mysticbeee damn, that sucks
Probably not spear phishing, but browser session cookies were stolen via malware. This would allow attackers to not have to authenticate at all, no need for passwords or 2fa to be known. It's a huge problem since most people stay in the session and the browser isn't configured to delete the cookies.
100% agree with your point. User and Group permissions are one of the most important security features for a network. Now, LTT probably has some in place and could've maybe been more strict on exactly who can access the channel, but if these were built into youtube itself and say, the thumbnail artist (who only has permissions to change a videos details like a thumbnail and description) was phished, then it would have been way less impactful, and the account would likely have never been taken down
This has happened to a ton of channels I sub to. It really sucks for smaller channels, and I'm sure it's super stressful for bigger channels with employees. Also, I agree. The comments are terrible, and they have been for a long time.
Maybe Google can implement the Google Docs method where every contribution is tracked to whoever the file is shared to, or in this case CZcams account, and also given different level of contribution like "Editor" or "Viewer". So that there is just a little bit of traceability to who was the weak point in the process and hopefully there's more opportunity to learn and see where they can shore up their defences against these scammers
Linus posted a video about how it happened, it was a "sponsor" email that looked absolutely legit but had a fake PDF attached to it, the attackers never got the passwords from what Linus said, they just got a copy of the session ID by getting a carbon copy of the browsers on the victims PC which were logged in to the company YT dashboards which bypasses the need for a password at all.
The one thing about it being Linus Tech Tips in particular is that a _lot_ of tech sector employees watch or are at least aware of Linus. So developers at CZcams are far more likely to be aware of this specific instance happening than when it happened to people like Valkyrae or Atrioc. Meaning they're more likely to be internal advocates for changes to the CZcams channel permissions system. Having internal advocates is really important in a slow-moving large company like CZcams.
For clarification the login credentials are not taken in this hack, they take the cookie that makes it so you remain logged in to your acount, then they change the password and 2fa if there is one (it should require login credentials to do this)
edit: I was incorrect. You do need credentials to change passwords but you can still do things like delete a lot of videos or start a live stream without them.
He also lost over 100k subscribers from this according to social blade. People notice they are subbed to some random channel (whatever they changed the name to) and unsubscribe.
No he didn’t. Bro also buys 100k subs every 1-2 months too lol.
@@GigiRuffa It is right there for you to look at. -100k
@@--_DJ_-- I witnessed it last night, and even watched I it go down to as low as 32 subscribers. It’s back to where it was at 15.3m, you just don’t know how to look for things on your own. Due diligence. Try it out for once. I’ll give you a hint, -100k, +100k. 😳😱😐🙄👀
@@GigiRuffa What do you mean I don't know how to look things up on my own? That is what I did, and that is how I found the same number as the OP. Do you go out of your way to be a douche or does it just come naturally?
@@GigiRuffa I wonder it if could be the people who actively monitor their subscriptions enough to notice a weird channel they are subscribed to are also aware enough to notice a channel they like they are no longer subscribed to? Nah probably not, botting makes much more sense.
I think what CZcams should do is make a permissions system like Discord, where you can select permissions by user that you add to your channel.
That already exists lol
two-factor authentication. That's all you need.
Damn hit the feelings bringing up trimming armour scam. I fell for that hard as a kid but it taught me a huge life lesson about scams, made me more careful in the real world ever since.
Haha I'm pretty sure I remember falling for the "type your password out, it'll censor it" scam when I was about 8. Good times, lessons learned.
The same happend to me last year. My computer got infected with "Ransomware".They encrypted all of my files on my computer and told me they undo it if I send them bitcoin. Right after that all of my social media accounts were gone and they streamed the exact same video of Elon! This shit pretty much ruined my life, because I'm a freelance motion designer and there was two months worth of work on my computer. Today few months later I'm still not able to pay my bills because of the damage this shit has done to me...
CZcams puts money over basic rights. They have shown Mr.Beast “tap now and win $1000” ads that are complete and total scams. The best part? You can’t even report the ads. It’s pathetic.
This happened to a smaller animator that i follow (Babbling Brook Animations- she's still trying to recover her subs) - not the ban, but the hack. Same channel hack with a bitcoin tesla junk stream. I really hope the new CEO does something about these hackers.
that shit crushed my soul when i saw it this morning, im a huge fan and even though i knew they would get it back, the attack itself was insane in how it went after everything on the computer
So glad that linus after dropping so much expensive stuff he also managed to drop his channel
1:28 I can already imagine Charlie saying “truuuuuuuuee” when he reacts to this
that's very scary i wish youtube had like a backup of everyone's channels just so that creators don't lose their content in case of a hack but imagine the amount of data that would be
I saw this happening live, and on some level it made me sad. I don't always watch LTT content, but when I do I really enjoy it.
(kind of akin to having your favourite show cancelled for another reality show ripoff)
Yes please, more layers for editors and managers where we can set permissions better!
Its crazy, I worked in accounting for a Fortune 500 company, we had to use a physical 2FA token for any financial transaction, even if we logged in with the token previously. Sure it can be "inconvenient", but with how youtube videos are monetized, every upload and deletion is a financial transaction and should be just as secure.
Channel mods can only remove comments, but adding users in held for review permanently would help stop these comments
Hey Ludwig - if you or someone else sees this just for general info - Some youtube accounts also get hacked to watch these streams. The ~800 viewers are completely legit but hacked accounts as this happened to one of my friends. He still has control of his account, changed passwords extra authentication and whatever but he is constantly watching these streams despite never opening them. This is a problem for smaller youtubers who can’t reach anyone at youtube to help.
Happened to one of my friends as well except his entire acc got terminated
Thats impossible.. literally they cant hack you for just watching a stream unless you click a link and download something. hes trolling you
@@tristanoce5233 That's not what they're saying.
@@tristanoce5233 reading comprehension out the window
@@tristanoce5233 lol you try and argue before you even know what's going on .
1:55 I see Ludwig is still listening to real music (The Strokes)
This has happened to so many people before, its really insane that youtube hasn’t taken care of it
Was waiting for this Mogul Mail coverage
Heads up! If you (for some reason) use the same password for everything, It only takes one password compromise for all of your accounts to be compromised. Even if you use a different username or email.
Due to the way that information is shared across the internet any cracked password ends up in the same place which is the first place password cracking algorithms will pull from when trying to get through to an account.
Mr. Mogul Mail wouldn’t have made that mistake
I feel a permission system like discord has for its roles would be a good way to build of what Ludwig said about premissions
0:30 I remember seeing this happen a while ago with a japanese singer's CZcams channel called 天月-あまつき. I didn't realise that was hacking at the time, was super weird
First the hard r and now this, Linus can't catch a break
Slight correction: they don't have a verified badge, when you change your name on youtube you have to re apply for the verified badge
CZcams should allow channel owners to designate other accounts to have permissions. Throw in mandatory two-factor authentication for channels that use this feature, and then accounts would not have to be shared. This would also make it really easy for people who have channels that are shared between multiple people.
You're litterally parroting Ludwig, why do this
This literally already exists
Happened to a German car and tuning channel as well a few months back JP Performance
Perfect time for Linus to make a video about cybersecurity. But fr a great learning opportunity for everyone
Lud you always make my day even tho im going through a difficult time i really appreciate the streams and content!
The old RuneScape doubling money trick works like a charm
2:55 HE SAID THE THING!!!
Linus isn't just a CZcamsr. He has a small CZcams Empire with various channels.
The fact that this guy makes his video in one shot. Thats natural and raw. I love it. Unlike the actual news that people shit out. All scripted and shit
Moist?
Something similar happened to a woman I watch on her old vlog channel. They ended up deleting all of her old content from that channel and she never got those videos back because she didn’t have backups or anything. And she had been vlogging on that channel for years and years. And CZcams was absolutely no help to her getting anything back or bringing back the channel at all. They gave her a whole run around and she was talking to someone about it at CZcams and then something happened and they made her talk tj someone else and basically were being completely unhelpful even though she had at least multiple hundreds of thousands of subscribers and had a direct contact.
I’m not sure but you’re talking about Meghan Reinks maybe?
This almost happened to me as well. A smaller creator reached out to me when his was hacked, gave me the details of how it happened. Then the same dirtbags tried to email me too about a week later.
It’s wild to me that CZcams doesn’t have any way to “freeze” a channel instead of deleting it temporarily while this happens.
It’s literally the same thing lol
@@GigiRuffa a freeze would make yhe real owner of the channel less worried
@@festi6882 it’s literally, the same thing. 😐
@@GigiRuffa Do you not understand that as a owner seeing ur channel still there is more reasurring than seeing the account has been permanently suspended ?
@@festi6882 they obviously get notified
Poor Linus, dude has a had rough start to the year lmao
I had heard what happened was some malware was used to steal the session login cookies, so that the attacker could simply open up a web browser, and be automatically logged into the profile. From there, they can change the password, and the two factor authentication method, and all sorts of other things to lock the original owners out of the account
also happened to a famous german youtuber called julien bam, all of his accounts were hacked at the same time with milions of subs, constantly dropping till he got banned. He got everything back but pretty stressfull because of the conncection of yt germany and yt usa
Thank you Mogul Mail. This video was very informative.
I felt oddly seen with the "It's hard to be a girl in the gaming space"
Agreed. He gets it.
I’m anxious so I prefer playing solo for this reason. The most multiplayer I’m fine with is the messages in elden ring
The Runescape reference made me realize i want to see Ludwig play OlsSchoolRunescape sometime
4:50 youtube it's just a little bit in the wrong
copium
"Hard to be a girl in the gaming space." -Ludwiga
Preach it sister.
*nods in confirmation*
Scanned over this comment right as she said it. CZcams perfection *chefs kiss*
@@itmeurdad Back in 2002-03, I was 12/13 years old, I uploaded a picture of hillary duff as my profile pic on poker stars (online poker app). I got given quite a bit of free chips from that moment forward :p Cant say I see eye to eye with ludwig there
Underrated commend, needs more likes
I agree. CZcams could do some real good throwing some role-based access control or permission groups etc. Back in the day when the biggest channel was two dudes with 100K subs, it didn't make sense. But now that channels have tens of MILLIONS of subscribers and they contribute to the livelihoods of dozens and dozens of people... channels really do need some more involved permission systems.
Already exists lol
I feel like another way to at least decreased channels getting hacked is by CZcams selling something like a titan security key since it makes it where the only way you can log in to something is by it being plugged in to your computer
All businesses at this point have retention policies. If CZcams actually doesn't have a retention policy for keeping channels content to be able to revert back to a previous state of the channel.
If CZcams doesn't have this they are living in the dark ages.
1:50 not really related the entire video but why “ludwigga” 👴🏻
His Channel is back up now thankfully
7:25 you can almost see the one-take flash before his eyes. good save though, stuck the landing
Too soon I fell for rune armor trimming 18 years ago and I still have trust issues. THE DUDE TOLD ME YOU NEED HIGH SMITHING TO TRIM IT AND THAT IT GIVES GOOD XP IT WAS SUCH A GOOD EXCUSE
I was there when it happened lol. Its so surreal.
Ludwig getting recommended songs by the Strokes is so based
Dude said the hard R for years and got away with it. One simple hack took it all away.
I guess Linus shouldn't have admitted to saying the hard R.
Truly unfortunate Linus “I’ve dropped a couple of Hard Rs before” Tech Tips 😢
Me and my buddies started a CZcams channel and got about 1k subs but after a week our channel was hacked and got banned but we couldn't get ours back. These hackers need to be stopped cause this is just gonna keep on happening if they don't get heavy repercussions for the things they're doing.
Everything MogulMail suggested is already a feature. Linus said it was on him for not using those features.
The real issue with CZcams is that they don't reverify your session when it suddenly changes location. This hack works by hijacking your session token (basically cloning your browser, keeping you logged in). That session token really ought to be valid only from the same IP address or at least country lmfao. But as it stands, a bot somewhere on the other side of the globe can copy your cookie and then reach into the whole cookie jar.
They also don't ask for relog on major channel changes. My back asks for 2FA a second time to view my account and routing number. CZcams lets you change the channel name and delete 1000 videos with zero authorization.
A German car CZcamsr with over 1 million subscribers was hacked on new years by the same people aswell and lost his channel just like Linus. It took quite a while to get the whole thing back but they got it back and everything is back to normal. Hope the same applies to Linus, just like the German CZcamsr he also has a company at stake.
my heart stopped.. glad everything is (probably?) ok😅
How’s ur mom doing?
when you're talking about adding new levels of permissions, you're referring to RBAC (role based access controls) and ya it sounds like CZcams should implement them
Thanks for spreading this info, I didn’t even think of perms for editors, so I’ll be sure to be more careful about that ❤
HOW AM I SUPPOSED TO GET MY SE- I MEAN MY TECH TIPS NOW!?!
EDIT I FINISHED THE VIDEO AND HES GOT IT BACK SO MORE SEX TIPS!? yayy
😳
I need my meth tips maaaan, im itching over hear.
He's back on CZcams!
Same thing happened to Corridor Crew a while back, was because of one employee clicking on an ad👀
Cybersecurity student here. To expand a bit:
Phishing is used to described when the attack has no specific target.
spear phishing is when the attack has a specific target in mind.
Whaling is a phishing attack that is targeting a specific person and when that person is a high ranking official on an organization, like a ceo, cfo, etc. just lil fun facts.
Poor guy he deserves better
Hey lud I love watching your videos hope you have a great day or night ❤
CZcams is missing some security basics then, such as options to enforce MFA and RBAC to allow channel operators to enforce least privileges access management.
Ownership tiers are a GREAT idea
The worse part of this, this happen to a lot small creators and they lose their account forever
I love the shirt of Ludwig holding hands with mogul mail
We need a full video on the Ludwiga story
Linus made a video about it but insane how early lud did this props to this guy.
I fell for the armor trim too lud. But I got so many people with the mage rune switcheroo