Linus Tech Tips’ X/Twitter account was hijacked and they reported about it on the WAN Show – the channel’s podcast.
The hack was a fairly simple email scam, and after receiving an alert that his X account had been accessed in Russia, Linus rushed to close it.
However, Linus points out that he was very distracted. It was a pool party and he had just fired up the grill. The page he found looks like an official X or Twitter password reset screen.
All they do is steal your current password by having you fill in the “old password” field. If you change it back to the new one, nothing happens and the scammers now have your password.
Much of modern hacking is social engineering. During an investigation by cybersecurity expert John Hammond, he found that the site was displaying a “wrong password” even when it was correct.
This ensures that the hackers get the correct password, as the victim is likely to carefully re-enter it the second time.
Hammond’s complete breakdown can be seen in its own video or a thread on X.
Linus Tech Tips considered giving up Twitter
The hackers briefly hijacked the X account, and Linus himself talked about closing this account.
“I don’t really care about the Twitter account,” Linus interjected.
“I’ve had several conversations over the last six months about how I just don’t want to deal with it anymore.”
Since Elon Musk took over Twitter, the social media platform has come under fire from some major developers. Those who have strayed from Musk’s app, like Linus Tech Tips, are finding their place elsewhere:
“Compared to Instagram or TikTok, we don’t get as much engagement there.”
Linus also revealed that the company’s social media team has been redistributed to focus on other tasks, citing as an example that they receive an incredibly low number of “recommendations” for the links they post.
LTT was able to secure the X account again, but pointed out that modern email apps obfuscate important information – like email addresses. By hiding an email in a tiny dropdown menu – like in the Gmail app – a malicious actor can fool it quite easily.
