Matthias Wandel's YouTube channel got hacked [video]
youtube.comIt appears like the channel has thankfully been restored to some prior state. All the Ripple stuff is gone.
This sucks. Some crypto scam BS replaced it.
https://www.youtube.com/user/matthiaswandel now redirects to some Ripple nonsense.
Thank you for this thread. I posted one but it didn't get anywhere (https://news.ycombinator.com/item?id=39183534)
Adding my comment in the hopes it will inflate this thread's visibility.
I've noticed some people blaming Matthias for this which is silly. We all like to think we've got our security tight and locked but the truth is that, for almost all of us, it'll never be tested.
FYI: Matthias Wandel worked at RIM (aka BlackBerry) from 1993-2007 and now runs a popular YouTube channel on woodworking and engineering
Feels like this is relevant here: https://kellyshortridge.com/blog/posts/what-does-the-word-se... - this is not Matthias’ fault, this is our systems failing us all in creating a ‘secure’ environment.
It's awful that only a privileged subset of hacked users may get enough public attention to have Google give special treatment.
But I hope Matthias gets his channel back. I'm a long-time subscriber to both of his channels. Hopefully my comment adds into the pile and brings more notice to him :)
Even tech savvy people can still fall for that stuff unfortunately.
I don't know him but he seems to be on the non-computer side of tech? No way anyone computer-savvy would fall for something as cliché as this
>No way anyone computer-savvy would fall for something as cliché as this
The number of things it is truly appropriate to say this about approaches zero. Matthias has extensive "computer" experience (and that's an understatement). It's counter-productive to no-true-Scotsman the concept of a person who is "competent" or "savvy" with "computers" - the field is too large/complex, especially anything remotely security related. Just focus on reality, i.e. what actually happens. This happened.
Well said. If Matthias, a person who programs Python scripts for stress testing machines, and can navigate the hideous UI/UX of some digital oscilloscope, is not "computure-savvy"...
Give any of us a tired morning without coffee and a mis-click, and many of us could be in the same predicament.
Matthias has deep professional EECS experience and was an engineer on the RIM Blackberry.
If his channel ever comes back, check out the cool wood projects incorporating a Raspberry Pi.
And he runs an scr file from an email? Huh
I think we would all agree you have to REALLY let your guard down to accidentally open a file like that.
But you would be surprised how much you drop your defenses when you are convinced you just got an email from a friend/business partner/etc.
I know a not-incompetent technology director who bought a gift card and sent the number to a scammer, because the scammer had hacked their coworker's email address, so the request came from a legit address.
And of course it's crypto scam shit. This entire industry cannot die soon enough.
Even worse, it’s AI-generated crypto scam bullshit.
I can’t imagine what Matthias is going through right now. Hopefully this is reversed cleanly without losing history on the channel.
The fact the username and URL do not match and the fact the bullshit videos are both new and old, tells me this is not a mass-delete + mass-upload (YouTube is rated limited anyway) but rather a weird mechanism that redirects or merges the legit account into the attacker's account. So the content is most likely safe.
I don't even think the attackers care about deleting the original content, it doesn't serve them in any way, except maybe if they can extort extra money from the creator by keeping it hostage? Let's not give them ideas.
I'm still very confused about what happened. The crypto videos were all uploaded 9+ months ago, and had at least a few thousand views.
Where's this Youtube or Google merge account function?
> You can't merge or link separate YouTube channels or automatically transfer data from one channel to another. But you can manually re-upload your videos to a different channel that you manage. Watch time and other metrics will start over for any new uploads.
https://support.google.com/youtube/answer/2404846
Sounds like Google has more issues than just account login/password compromises.
edit: Looks like there's some extra functions for "Brand Accounts" : https://support.google.com/youtube/answer/3056283
which says: "You can move your channel and its videos over from one Brand Account to another, as long as they’re associated with the same Google Account."
But I don't get how this crypto account got to be on the same Google Account, but maybe you can attach as many Brands as you like to a Google Account?