How Do YouTubers Get Hacked? 3 Tips to Secure Your Account

Glad you mentioned MFA fatigue, it's a real issue and as a sys admin I understand there's a need for security without overcomplicated systems, but some users (older ones) seem like they're unhappy with even just having to change their password. So MFA fatigue became a problem with some of our users, what we did was try to give them security formation as much as possible to educate them on WHY all of it is important. For now educating our users seems to work, so thanks for raising all those issues and giving all those tips & tricks.

Congrats on 100K

Congrats on 100k Shannon. There is a whole discussion that needs to happen about “trust”. What systems are trustworthy and what are not. Email and text messages are never trustworthy, in my opinion, and everything that comes in via those systems should be treated with suspicion. The problem is that we are all so busy and receive so much communications that sometimes our spidey senses don’t pick up a well crafted email, seemingly from someone we trust.
So I try to always have in my mind that I never trust anything from these sources and if there is any doubt, I fall back to the view that email and text messages, for example, are untrustworthy systems in my security profiling.
Thanks for your interesting and practical vids ❤❤

I just started and saw many people get hacked, this is a very useful video , thank you so much ❤

Congrats on the 100K Shannon, keep up the good work.

Thank you for keeping us safe!!

Shannon, As we discussed during the 2021 VidSummit - it's a sign of our times when businesses try improving connectivity, while business expands, and attack vectors increase (such as many lower-cost employees). Once I retire from my Day-Job, the only Cyber Security I will work on is my own, since nobody listen's.

Great video and important message!

An amazing video on security while arriving at 100K subscribers! Congrats Shannon!

Great Video Shannon, I was wondering when you were going to do a video on this. First good reason to use a Chromebook I’ve heard yet. Congratulations to you having 100K subscribers, 500K and 1M are going to happen soon 🎉

Great video. What I also would have liked to see though is "what could youtube do?". On one hand for prevention but also what red flags could they set in terms of channel activity, right? Like when the whole identity of a channel is being changed and tons of content are being privated or deleted. There could be a 3 day timer or something, fully automated (the way google likes it) for changing key elements of a channel. And then you have 24h to change the things you want to change and after that it locks again. I think the best prevention is to discourage the attacker by making it a lot less appealing.

Good stuff as usual

Love the Sony Alpha shirt! A7IV and A7II user here!

Very good explanation why each security implementation is helpfull.
Thank you for the easy to follow tips.

Great just perfect seriously such an educational video deserves millions of views

Thank you Shannon 😊

Can you do car apps next? I was pondering getting some yubikeys for my parents now before I'd fully eased them into the idea or buying later and then had the 'oh sh*t the _car_ (is app controlled)' moment.
Granted I think before might work better so I can help walk them through a hands on experience.
Also Austria now officially accepted these things as part of their government IDs security and online signatures and as an Australian that is both heartwarming and crushing, because I thought my government had done a major security upgrade for a second but no. America might be taking interest though and we do tend to copy America on lots of things which is and isn't always a good thing, so hope is on the horizon.

Good work

We can turn on the "Advanced Protection Program" on our Google account. That setting forces our 2FA to use hardware keys only.
But we must first have 2 hardware keys in possession, then start the setup and turn this feature on.

Passwords 123456? lol😅 Congrats on 100k, too. Thank you for all the interesting stuff over the years.

Hi, thank you so much
My main youtube is hacked and team youtube is currently working on it to recover
Thank you for the information. I will surely secure my account once I get access to it. Thank you for the tutorial❤❤❤❤❤

Amazing video!! I feel like someone recommended this in the comments section the day after the LMG/LTT hack. Wait... Was that me?!? Probably a coincidence. I hope Linus is watching, well, one of his worker bees that manages his YT account(s).

They need to update cookie handling so that it IP address changes, or device information changes in relation to the cookie, the session is automatically invalidated.

I'd like to hear your thoughts on Google's new passwordless login. I plan to explore it later today.

This is the reason why i have not started a youtube channel, drop shipping, and affilate because i am trying to figure out how to protect my info from scammers before i even start this stuff. Also i was wondering if i can use a different birthdate than my actual one, and more. I will go through your channel and check out more. You see others talk about how to open a youtube channel but no one really goes over how to protect yourself.

Awesome video Shannon. Quick question about hardware keys. Can one key be used for multiple accounts such as email, bank, and social media or would each account need a separate key?

The most obvious tip is don't sign into sensitive websites on public open Wi-Fi unless you are going through a VPN. Also if you have to be on your computer in public make sure to use privacy screen covers and position your self in such a way to limit who can see your screen or get behind you. Never leave devices unlocked or unattended even for a second.

Beautiful solution, a physical key, but this solution is expensive for various countries, like Mexico

Always great information Snubs, but I'll tell you what...95% of the people out there have ZERO idea what you are actually talking about. I get what you're saying, but some of this I can't even do. I have multiple financial institutions I utilize for credit cards, banks, retirement and investments...NONE of these allow using a hardware key or even google authenticator. The funny thing is, our tax person DOES REQUIRE either a hardware key or google authenticator. I find it interesting that you seem to be able to use your keys EVERYWHERE, yet NONE of my sites (and we're talking big finance houses like Fidelity, Vanguard, Alight Solutions (ok, they are a crap place, but what do you expect for the lowest bidder site that so many companies use to house their benefits and retirement information at). None of those have a way to use a Hardware Key or Google Authenticator. I've even asked, and they say "We have 2FA via your phone, that's super secure"...even though we all know it isn't. :(
I just wish there was a way to find these hackers, and stake them to an ant hill for a few months...

Hi Shannon what if my iCloud and iPad been compromised will the attackers manage to get into my UA-cam and gmail account even I sign out. By the way I have used personal security key but still I feel my iPad, iCloud still compromised. Do you think malware keyloggers bypass personal security key? Congratulations 100k🎉

How do your change the email to log in to my UA-cam account and not mess up my Adsense account to get paid? How do I automatically expire cookies in Chrome in the Mac?

Surprised she didn't mention Passkeys given Google have rolled them out today.

can you please make a video about facebook PGP encryptions ? please

Excellent, coherent, content. Yes I've locked down my Google, Yahoo, Go Daddy accounts with each of my 2 Yubikeys. Sadly, Hardware keys are not allowed for bank accounts, except for Bank of America, nor for Stock Brokerage Accounts, except for Vanguard.
I disconnect the ethernet cable from my computer after I've shut it down to insure nothing can get into or out of my computer.
Warm Regards from Reno, Nevada.

Dark Mode. Respect.

I wish there was an option to lock an account aka not be able to change any settings/passwords without having to jump thru hoops instead of having to jump thru hoops just to sign in. my google account for YT has nothing on and I never touch it.

Does the brand account not need two-level authentication? I tried to set up Google Security Double Authentication for the brand account, but it keeps getting 403 errors. Anyway, I need to log in with the Google main account to get the brand account, so is there no need for two-level authentication?

I love your videos. I'll be happy to activate the 2FA in Google account but the problem with Google 2FA is that he asks for my phone number and I don't want to share it with Google.

If I have a Yubikey, should I not have text or backup code 2FA? Would that be “leaving a door open”?

So basically don't click on links you don't know about .

New subscriber here, Shannon. Thanks for the great security tips, can be used all across our online life.
A security tip I'll throw out there; if a website you log into allows you to create a 50 character password AND you have a password manager that will generate that type of password, ✅DO IT! Let me know if I'm wrong. Cheers!

Do the subscribers also get affected when the account of the UA-camr is hacked?

Thanks to Congress, all email addresses are public infomation. Mx Linux and Linux Mint are great alernatives to Windows..

I have a MAC spoofer on my computer. Will the Yubico work with the spoofer running?

Its really ironic that so called "tech" youtubers are falling for this. This makes me question their intelligence. Also, i happy that this happened to so called "big guys", this will ground them to reality.....

Hey Shannon, so I have a gmail that UA-cam sends me emails, but that gmail is connected to my main email which is a yahoo account, and I can actually sign into my youtube channel with my yahoo email. Am I at higher risk for being attacked? Could a Yubikey help protect my channel further? Thank you.

you don’t need gmail to use a google account or UA-cam account btw.

hope u did this to your own channel

✨⭐✨💞💖💞💖💖💞💖💞💖💞💖💞✨⭐✨

e

Why does everyone use this stupid term bad actors all the time

You recommend an authenticator APP? yikes!

Hey Shannon, thank you so much for this video! I was curious though, If my youtube has a recovery email thats been on haveibeenpwned about 10 times, should I completely change the recovery email because it can be used to log in? Thank you!

Today, Google introduced “passkeys”. Where does this fit in; before 2FA, or in place of?

UA-cam should give every youtube channel a unique 9 digit code associated with their channel, so when they receive any notification from youtube the email should contain this unique code.

I'm surprised you don't recommend the Yubico Authenticator app. I absolutely love the crap out of it, because the data is stored with the Yubikey. When my phone died recently, I lost all of my Google Authenticator data, but I just swipe my Yubikey, and boom, I'm ready to grab a code.

The only thing I do more is put a pin on my YubiKey so if someone that gets it has to know my PIN to be able to use it.

I got same issues no long age, but I'm so lucky i found an iguser name Kelvin Ethics and he was able to recovered mine

@ShannonMorse Hi!! i have a question: back in the day when wow was very popular (2007ish) i bought a key-chain token authentication, would something like that work too? Even having apps on smartphones for this doesnt make me very confident. Congrats on 100K subs!

Always interesting and helpful content, thank you for that.
One caveat to this clip: You recommend Google Authenticator for 2FA, but at the moment (April/May 2023) GA is SYNCING THE SECRET IN PLAIN TEXT(!). They promised to repair that, but as far as I heard, that hasn‘t happened till today.

Having mine back asap in this kind of situation, i most confess KelvinEthics is a legend