Summary of "My Channel Was Deleted Last Night"

Linus Tech Tips YouTube Channel Hijacking Incident

The video documents the experience of Linus Tech Tips (LTT) having their YouTube channel hijacked and temporarily deleted due to a sophisticated cyberattack.

Incident Overview

The attack began early in the morning when LTT’s main account was renamed and used to stream a fake Elon Musk cryptocurrency scam.
The scam linked to fraudulent websites promising double Bitcoin returns.
Despite efforts to regain control—such as privating streams, revoking stream keys, and resetting credentials—the attackers repeatedly regained access.
Many videos were deleted across LTT and its sister channels (Techlinked and Techquickie).

Key Vulnerability: Session Token Hijacking

The attackers did not exploit weak passwords or poor two-factor authentication (2FA).
Instead, they used session token hijacking.
Session tokens allow users to stay logged in without repeatedly entering credentials.
Malware installed via a deceptive email attachment extracted these tokens from browsers, bypassing passwords and 2FA entirely.
By stealing browser data—including saved passwords and session tokens—the attackers impersonated logged-in sessions and gained full access.

Lessons and Challenges

While 2FA is important, it is not foolproof, especially against session hijacking.
The LTT team acknowledged internal shortcomings:
- Insufficient training on cyber threats.
- A complex channel management system that complicated the response.
Google’s tools and processes for managing channel security and recovery were found to be unintuitive.
Communication during the crisis was limited and opaque, adding to the difficulty.

Calls for YouTube Security Improvements

Linus calls for the following enhancements to YouTube’s security measures:

Stronger authentication requirements for sensitive actions such as:
- Changing channel names.
- Resetting stream keys.
Rate limiting or additional authentication prompts for bulk destructive actions (e.g., mass video deletions).
Better session token management, including:
- Time-based expirations.
- Re-authentication prompts when suspicious activity or unusual locations are detected.
More transparent and supportive communication from Google during incidents, especially for smaller creators who lack direct support.

Community and Team Response

The community response was highly positive:
- Fans warned viewers via super chats.
- Many subscribed to alternative platforms like Floatplane to support the creators.
- Helped spread awareness quickly.
Linus thanked his team and YouTube partners for their support throughout the ordeal.

Sponsorship

The video concludes by acknowledging the sponsorship from dbrand, who supported the video despite its sensitive topic and offered a special discount to viewers.