Hello Reader,
It’s been a minute since my last email – but as promised, I will only send emails IF anything happens that directly impacts Creators – and this one does…
So here we go:
A big tech Creator, Linus, had his Twitter account hacked.
The method they used to hack his account, could be used to hack any social media or YouTube, so it is worth understanding what happened:
What happened?
Linus received an email from Twitter saying that there was a new login to his account from a new device.
Of course, Linus didn’t log in with a new device especially not from Russia. So he clicked on the link to instantly changed his Twitter password.
And this is where it went wrong!
The website looked like a Twitter Reset Password page but was a FAKE site that harvested his password.
Please Note:
This is NOT a dig at Linus by any means.
Anyone, regardless of technical ability, can get hacked. Professional Security Researchers get hacked.
All it takes is just one unfocused moment and your accounts are gone.
Hackers send millions of Phishing emails that are “personalized” and if you quickly check your email, especially on your phone, it’s easy to fall for this.
The hackers deliberately put Russia in the email as Russia is notorious for having some of the best hackers. The second you see “Russia” and “log in from a new device” your immediate reaction is to panic!
This is exactly what they are counting on.
They used SendGrid, a mass-emailing platform that tracks the links clicked. This is a smart way to get by the anti-virus as SendGrid links are not a threat.
What should you do?
While this was aimed at a Twitter account, this could easily be done for any social media, for YouTube, for any online service, and your email.
If you get this type of email, always go to that site/ service directly in a browser or via the app. If there is anything that you need to do, such as change your password, you will be notified.
Do not click on links from email!
Saying that, my friend John Hammond has a full geek breakdown of the code if you want to check that out, you can click here (this is a link to a YouTube video, but if you prefer you can just search for his name on YouTube – this isn’t a test haha)
As they say: “To not get hacked, you have to get lucky every time, hackers have to get lucky once” (or something like that…)
As always, keep safe out there,
Liron Segev
ps. If you are going to be at VidSummit 2024 in Dallas, I will be there so come say hi. I may or may not be getting up to no good with some security stuff at the event 😜