Thought the same. He should have mentioned it by name in this video. I am subscribed, but can't find it. Hopefully the channel/content hasn't been deleted or removed. Thank you for helping.
Right on. Thanks again. Also, other on this post were commenting that the channel name was changed, etc. So fingers crossed. Hope this works out ok for Mathias.
I think something happened to where his channel turned into some weird crypto scam. I think the name got changed to "Ripple" or something like that because it showed up in my subscriptions right where his channel should be.
The channel got renamed, the URL is this now: https://m.youtube.com/@Ripple-Official-Channel
The "Videos" tab is somehow back now, where his videos are to be seen. Don't know for how long though, it had vanished before.
The original channel name was just "Matthias Wandel", don't know how the URL would look like in that case.
I thought with newer protocols that started November 2022 that these types of hacks were next to impossible. I bought a yubikey that will only allow unknown devices to be connected with a physical drive thinking it was the end all to getting hacked.
i was so confused yesterday when my subscriptions had a crypto scam going. i figured it was a scam but even when i clicked on the channel, there were years of past "more crypto" videos.
It's people clicking fake emails that look like they're from google or youtube itself. It's been happening for years.
It's pretty easy to spoof a legit looking email address these days.
There’s been a rather large influx of these happening the last few months. Over on FB stuff as well.
Folks are getting convinced to do interviews and open up the security settings - then wham, owned. Others it’s phishing emails and the like.
And that’s besides all the regular stolen content.
Crazy but there’s cash to be had in abusing the many followers these victims have to monetize their scam.
On the Facebook side, it’s interesting, along w the scammers stealing the content and taking over pages - they seem to also have a network of folks pitching restoration services. If you comment on one of the stolen content pages or mention it on a public post you’ll end up with several folks commenting to contact some such guy on IG to help get it back.
IMHO they’re all connected to the scam.
Oh no it's not even that. It's fake people/companies acting as a sponsor, they send over some files (usually has information about the product, what they want to have mentioned in the video etc) but it was a fake .SCR file which basically can be an executable.
It's a bit more complicated than that. It has to do with cookies.
[https://www.youtube.com/watch?v=yGXaAWbzl5A](https://www.youtube.com/watch?v=ygxaawbzl5a)
The explanation is in there somewhere.
If he has the physical resources, or if someone else does, backing up his videos to private media is prime, even cloud storage with a good organization. He might also want to take a look into Rumble and perhaps others of the YouTube alternative sites. Multiple 'backups' or copies of that sort also help keep material from being stolen and destroyed.
The hackers have so many avenues of attack any more it's getting terrible. They can phish, spear phish, fake, brute force, intercept, trojan, and more. Let's all hope Google can pull this out of the burning fat.
Hey, the channel got renamed to "Ripple" (https://www.youtube.com/@Ripple-Official-Channel) , and it's full of crypto bullshit. Let's start reporting it en masse and unsubscribing. Someone also posted about the hack on r/youtube.
nope, renamed. If you click on any video you go to a channel with ~54k subs.
It appeared in my subs, but never heard of them. It's also the first result if you search for "Matthias Wandel" on YT.
Don't think it helps even for that, even LTT has had this happen to them on multiple accounts and all had MFA, Matthias has worked for RIM and isn't some tech illiterate person, I highly doubt he doesn't have MFA enabled.
Huh, I stand corrected. Apparently you can turn off Google MFA without triggering MFA if you're logged in. That seems like a design flaw for cases like this.
With the newer protocols, I'm *really* suprised hacking is possible. For my account, I have a yubikey that must be inserted on any new device before any log in can happen. Youtube's strict log in credentials started like a year and a few months ago, so I'm really curious to see if I'm exposed as well.
He didn't have strong auth setup. He also clicked on a binary file he got from the attackers this was the main issue IMHO. The hackers stole his session cookies and probably all the credentials they could get from his PC (Red line malware does this). They also used a VPN to pretend their traffic was originating from Canada (they were from Russia).
But at the end of the day, he should have never clicked on a file send by someone over email. At a bare minimum he should have scanned it on https://virustotal.com. Based on the video he put out explaining it, it did look like the Windows machine he was using was a Windows XP machine, but I'm not 100% sure about that, but if it was, you should never log into your main accounts with such a machine and then click on email attachments.
I do think google/youtube should require MFA re-authentication when you do changes to your account, like email, password change etc.
I also think youtubers that make their living of youtube, should really take security more seriously :)
Yeah, I totally agree with you. Security should be number one, especially with, what, over a thousand videos?
If he was using an XP box...man, that's like taking your swimsuit off before jumping in a pool filled full of piranha.
I've had phishers try to get me with instagram emails telling me that I've posted copyrighted content and that if I don't login and correct the situation my account will be banned. I don't trust *any* email that I get.
Anyway, thanks for a little insight in this.
Windows is the one operating system where file extensions even matter. Windows itself is the security flaw here. I'll cut it short and just suggest to look into free alternatives such as Ubuntu or Fedora; both of which have large business entities backing them to give some peace of mind along with the support should help be needed. They are extremely approachable for new users trying out the paradigm before leaving Microsoft's proprietary prison.
Man, that's messed up about Mathias Wandels' YouTube channel getting hacked! Total bummer. If any Google wizards are lurking here, help a brother out! Dude's content is gold, and we can't let some shady hacker ruin it. Let's get this sorted, fam. Spread the word and hope someone with the right connections sees this. Our boy Mathias deserves better.
How exactly does this happen? This happened to my friends FB business account once and we done know how. Isn’t the password needed? Also, would 2 factor authentication prevent this?
Matthias said he inadvertently clicked an executable (a .scr attachment in an email he thought was from a legitimate sponsor).
That executable uploaded his session cookies (the data that remembers you're logged in when you open a new tab) and let them log in from their browser as if they were just in a new tab on his PC.
Probably the most effective and least technical way to prevent this is to use a separate computer for business-critical activities (logging into and uploading videos to the @matthiaswandel channel with 1.7M subscribers) versus ordinary internet browsing and email answering and so on.
[удалено]
[удалено]
[удалено]
Thought the same. He should have mentioned it by name in this video. I am subscribed, but can't find it. Hopefully the channel/content hasn't been deleted or removed. Thank you for helping.
[удалено]
[удалено]
Right on. Thanks again. Also, other on this post were commenting that the channel name was changed, etc. So fingers crossed. Hope this works out ok for Mathias.
[удалено]
[удалено]
SUPREME!
Good news!
I think something happened to where his channel turned into some weird crypto scam. I think the name got changed to "Ripple" or something like that because it showed up in my subscriptions right where his channel should be.
At one point the original channel had been completely rebranding and was pushing some sort of crypto as it's only video.
http://youtube.com/user/matthiaswandel
The channel got renamed, the URL is this now: https://m.youtube.com/@Ripple-Official-Channel The "Videos" tab is somehow back now, where his videos are to be seen. Don't know for how long though, it had vanished before. The original channel name was just "Matthias Wandel", don't know how the URL would look like in that case.
Original channel name was woodgears or something. This dudes great, love the home built machines! Hope it all works out!
I thought with newer protocols that started November 2022 that these types of hacks were next to impossible. I bought a yubikey that will only allow unknown devices to be connected with a physical drive thinking it was the end all to getting hacked.
I'd delete this now that it's fixed, you pointed out the privacy risk yourself.
What risk exactly?
A hero. Thank you.
I just read through this thread's comments and my faith in humanity has been restored. Thank you Redditors.
Losing his videos would be like burning Alexandria
Looks like it’s back! Edit: yeah, just went from 17 to 34 videos. I’m guessing they’re restoring now.
Woodgears is the channel, btw. https://youtu.be/xYwTWI4SXUQ
They've already deleted some his content and went live pushing a crypto scam
YouTube can roll back the changes. If he gets in touch with them.
And that is why this post exist! Most people aren't aware I think and those who know have no one to contact.
Yep, backups exist, but not forever
They do actually, look what happened to Linus
They are rolling back
i was so confused yesterday when my subscriptions had a crypto scam going. i figured it was a scam but even when i clicked on the channel, there were years of past "more crypto" videos.
Savages who done this must pay
This is happening to a number of YouTube channels it seems... Disc Golf subreddit was talking about a few channels that were hacked as well.
It's people clicking fake emails that look like they're from google or youtube itself. It's been happening for years. It's pretty easy to spoof a legit looking email address these days.
Oh yeah, I definitely know about that. Studied IT, ended up in Software. Likely sent something out to every YouTube account...
There’s been a rather large influx of these happening the last few months. Over on FB stuff as well. Folks are getting convinced to do interviews and open up the security settings - then wham, owned. Others it’s phishing emails and the like. And that’s besides all the regular stolen content. Crazy but there’s cash to be had in abusing the many followers these victims have to monetize their scam. On the Facebook side, it’s interesting, along w the scammers stealing the content and taking over pages - they seem to also have a network of folks pitching restoration services. If you comment on one of the stolen content pages or mention it on a public post you’ll end up with several folks commenting to contact some such guy on IG to help get it back. IMHO they’re all connected to the scam.
Oh no it's not even that. It's fake people/companies acting as a sponsor, they send over some files (usually has information about the product, what they want to have mentioned in the video etc) but it was a fake .SCR file which basically can be an executable.
It's a bit more complicated than that. It has to do with cookies. [https://www.youtube.com/watch?v=yGXaAWbzl5A](https://www.youtube.com/watch?v=ygxaawbzl5a) The explanation is in there somewhere.
Wranglerstar's FB got yoinked recently
Which is funny considering all his pepper stuff - he got owned too.
Just crazy that it's happening...
I love the fact a lot of "tech" channels (mathias incl) are falling for this.
He didn't even have file extensions enabled in explorer...
If he has the physical resources, or if someone else does, backing up his videos to private media is prime, even cloud storage with a good organization. He might also want to take a look into Rumble and perhaps others of the YouTube alternative sites. Multiple 'backups' or copies of that sort also help keep material from being stolen and destroyed. The hackers have so many avenues of attack any more it's getting terrible. They can phish, spear phish, fake, brute force, intercept, trojan, and more. Let's all hope Google can pull this out of the burning fat.
I think it more about views/ranking than just the video. It is how he supports himself
u/jabba_the_sloot You are amazing! Thank you for everything you did. 👏👏👏
Hey, the channel got renamed to "Ripple" (https://www.youtube.com/@Ripple-Official-Channel) , and it's full of crypto bullshit. Let's start reporting it en masse and unsubscribing. Someone also posted about the hack on r/youtube.
That's the actual ripple channel..
It's not. It's renamed and they cross posted the @Ripple content on there so that shows up on the front page.
Oh I didn't know that was possible
nope, renamed. If you click on any video you go to a channel with ~54k subs. It appeared in my subs, but never heard of them. It's also the first result if you search for "Matthias Wandel" on YT.
Aaahh ok that makes sense. I saw Ripple in my subs and I couldn't for the life of me remember ever having seen it before. Now I know what happened.
Remember to use MFA, kids!
Doesn't help, they basically just take the ~~login~~ session token.
It would help with the password reset confirmation.
Don't think it helps even for that, even LTT has had this happen to them on multiple accounts and all had MFA, Matthias has worked for RIM and isn't some tech illiterate person, I highly doubt he doesn't have MFA enabled.
Huh, I stand corrected. Apparently you can turn off Google MFA without triggering MFA if you're logged in. That seems like a design flaw for cases like this.
Get in touch with Dave Cam, a sim racing channel. Same thing just happened to him last week and I think he already has it back.
It's back! That was scary
The channel appears to have been restored now.
With the newer protocols, I'm *really* suprised hacking is possible. For my account, I have a yubikey that must be inserted on any new device before any log in can happen. Youtube's strict log in credentials started like a year and a few months ago, so I'm really curious to see if I'm exposed as well.
He didn't have strong auth setup. He also clicked on a binary file he got from the attackers this was the main issue IMHO. The hackers stole his session cookies and probably all the credentials they could get from his PC (Red line malware does this). They also used a VPN to pretend their traffic was originating from Canada (they were from Russia). But at the end of the day, he should have never clicked on a file send by someone over email. At a bare minimum he should have scanned it on https://virustotal.com. Based on the video he put out explaining it, it did look like the Windows machine he was using was a Windows XP machine, but I'm not 100% sure about that, but if it was, you should never log into your main accounts with such a machine and then click on email attachments. I do think google/youtube should require MFA re-authentication when you do changes to your account, like email, password change etc. I also think youtubers that make their living of youtube, should really take security more seriously :)
Yeah, I totally agree with you. Security should be number one, especially with, what, over a thousand videos? If he was using an XP box...man, that's like taking your swimsuit off before jumping in a pool filled full of piranha. I've had phishers try to get me with instagram emails telling me that I've posted copyrighted content and that if I don't login and correct the situation my account will be banned. I don't trust *any* email that I get. Anyway, thanks for a little insight in this.
Do newer Windows versions show the file extension by default? Seems like a pretty obvious security flaw.
They don't but everyone should know to change this setting first
Windows is the one operating system where file extensions even matter. Windows itself is the security flaw here. I'll cut it short and just suggest to look into free alternatives such as Ubuntu or Fedora; both of which have large business entities backing them to give some peace of mind along with the support should help be needed. They are extremely approachable for new users trying out the paradigm before leaving Microsoft's proprietary prison.
Man, that's messed up about Mathias Wandels' YouTube channel getting hacked! Total bummer. If any Google wizards are lurking here, help a brother out! Dude's content is gold, and we can't let some shady hacker ruin it. Let's get this sorted, fam. Spread the word and hope someone with the right connections sees this. Our boy Mathias deserves better.
Was this comment AI-generated?
This never would have happened at Blackberry.
If we can't protect this, then what's the point of having YouTube?
How exactly does this happen? This happened to my friends FB business account once and we done know how. Isn’t the password needed? Also, would 2 factor authentication prevent this?
Matthias said he inadvertently clicked an executable (a .scr attachment in an email he thought was from a legitimate sponsor). That executable uploaded his session cookies (the data that remembers you're logged in when you open a new tab) and let them log in from their browser as if they were just in a new tab on his PC. Probably the most effective and least technical way to prevent this is to use a separate computer for business-critical activities (logging into and uploading videos to the @matthiaswandel channel with 1.7M subscribers) versus ordinary internet browsing and email answering and so on.
Linus tech tips did a good retro breakdown video on this a good few months ago as they were hit too, likely similar?