Linus Tech Tips reveals how scammers took control of X / Twitter account

Linus Tech Tips had their X/Twitter account hijacked, and they broke down the hack on the WAN Show, the channel’s podcast.

The hack was a pretty basic email scam. After receiving an alert that their X account had been accessed in Russia, Linus attempted to shut it down.

However, as Linus points out, he was very confused at the time. It was a pool party and he had just fired up the grill. The page he found looked like an official X or Twitter password reset screen.

All it does is capture your current password by making you fill in the “old password” box. When you reset it to the new one, it doesn’t actually do anything, and now the scammers have your password.

A big part of modern-day hacking is social engineering. In his investigation, cyber security expert John Hammond found that the site would show an “incorrect password” error even if the password entered was correct.

This ensures that hackers get the correct password, as the victim is likely to carefully retype it the second time.

Hammond’s full breakdown is available in his video or in a thread on X.

Linus Tech Tips Considered Abandoning Twitter

Hackers briefly hijacked the X account, which Linus himself has talked about retiring.

“I don’t really care about the Twitter account,” Linus interjected.

“I’ve had numerous conversations in the last six months about not bothering with it anymore.”

Since Elon Musk’s takeover of Twitter, the social media platform has faced criticism from some big creatives. Some of those who have drifted away from Musk’s app, like Linus Tech Tips, are finding their footing elsewhere:

“We don’t have a lot of engagement there, compared to Instagram, compared to TikTok.”

Linus also revealed that the company’s social media team has been redeployed to work in other areas. One example given is that the links they post get an extremely low number of “referrals”.

LTT managed to re-secure the X account, but pointed out that modern email applications obscure vital information, like email addresses. When the sender’s address is hidden in a small drop-down menu, as in the Gmail app, it’s fairly easy to be tricked by a malicious actor.
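The check that a collapsed sender field hides from the reader can be done on the raw message instead. The following is an added example, not code from LTT or John Hammond: it compares the display name with the real sender address and with the hosts of any links in the body. The trusted-domain list, the brand keywords and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains accepted as genuine for mail that claims to come from X.
TRUSTED = {"x.com", "twitter.com"}
# Assumption: display-name words that mean "this message claims to be X".
BRAND = re.compile(r"\b(x|twitter)\b", re.I)

def on_trusted_domain(host):
    """True only for a trusted domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def phishing_findings(raw):
    """Return reasons a raw RFC 5322 message looks like brand impersonation."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    findings = []
    # The part a mail app shows is `name`; the part it may hide is `addr`.
    if BRAND.search(name) and not on_trusted_domain(addr.rpartition("@")[2]):
        findings.append(f"display name {name!r} but sender is {addr}")
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname
        if not on_trusted_domain(host):
            findings.append(f"link points to {host}")
    return findings

# Constructed sample: brand in the display name, unrelated sending domain.
PHISH = """\
From: "X Security" <alerts@x-account-alerts.example>
Subject: New login from Russia

We noticed a new login. Reset your password now:
https://x-account-alerts.example/reset
"""

# Constructed sample: display name and link both on a trusted domain.
LEGIT = """\
From: X <notify@x.com>
Subject: New login

Review recent activity: https://x.com/settings/security
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, phishing_findings(raw))
```

The From header itself can be forged, so this only catches the display-name mismatch described above; sender authentication results (SPF, DKIM, DMARC) are a separate check.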
