YouTube Channels Are Being HACKED! (How to Protect Yourself)
Summary
TLDRIn this cybersecurity-focused podcast, the host interviews Shannon Morse, a security and privacy advocate, about the recent hacking of their YouTube channel. They delve into the details of the attack, discuss the challenges of detecting unauthorized access, and share essential tips for creators to safeguard their online presence. Shannon emphasizes the importance of using hardware keys for two-factor authentication, auditing third-party app permissions, and employing VPNs to protect sensitive information. The conversation underscores the value of proactive security measures for creators to prevent potential breaches and maintain peace of mind.
Takeaways
- 😨 The risk of YouTube channels being hacked is real, with attackers quickly changing account details to lock out original owners.
- 🔒 Importance of robust account security, including two-factor authentication (2FA), to protect against unauthorized access.
- 🔑 The vulnerability point in the case study was an 'approve or deny' 2FA fatigue, where team members approved a suspicious login attempt, suggesting the need for vigilance with 2FA prompts.
- 💡 Post-hacking steps include restoring account settings, re-uploading content, and regaining access to the channel, highlighting the disruptive impact of such incidents.
- 🛡️ Recommendation to use hardware security keys like YubiKey or Google Titan for an additional layer of security beyond traditional 2FA methods.
- 🤖 The threat of malware, such as the YT Stealer attack, which targets YouTube authentication cookies to maintain persistent access to accounts.
- 📧 Caution against phishing emails that mimic legitimate services, urging creators to verify the authenticity of emails and links before clicking.
- 🚫 Advice against logging into sensitive accounts on public Wi-Fi networks due to the high risk of man-in-the-middle attacks.
- 🛠️ The suggestion to use VPNs for encrypting data and protecting privacy while using public networks, with specific recommendations for Google VPN and ProtonVPN.
- 🗝️ Emphasizing the use of password managers to create and store unique, complex passwords for each account, reducing the risk of credential stuffing.
- 🔎 Mention of tools like Have I Been Pwned and Delete Me for monitoring personal data exposure and removing information from data broker sites.
Q & A
What was the main issue discussed in the video?
-The main issue discussed in the video was the hacking of YouTube channels, specifically the 'YT Steeler' attack, and how creators can protect their online presence from such cyber threats.
What is the 'YT Steeler' attack?
-The 'YT Steeler' attack is a type of cyber attack aimed at stealing YouTube authentication cookies to gain unauthorized access to users' accounts, often resulting in the hijacking of channels and unauthorized changes.
Why are hardware keys recommended for multi-factor authentication?
-Hardware keys are recommended for multi-factor authentication because they provide an additional layer of security that cannot be duplicated or bypassed remotely, unlike text message codes or application-generated codes.
What is the role of Shannon Morse in the video?
-Shannon Morse is a security and privacy advocate and entrepreneur who shares her expertise on how to protect online accounts from cyber threats. She provides insights and recommendations based on her experience and knowledge in the field.
What is the significance of using a separate email for YouTube login?
-Using a separate email for YouTube login helps to keep the account secure by not exposing the login credentials to potential attackers through public-facing emails that might be targeted in phishing attempts.
Why is it advised not to log into YouTube or any sensitive accounts on public Wi-Fi?
-It is advised not to log into sensitive accounts on public Wi-Fi due to the risk of man-in-the-middle attacks, where attackers can intercept data or impersonate the Wi-Fi network to gain unauthorized access to user accounts.
What is a VPN and how does it help in protecting online privacy?
-A VPN, or Virtual Private Network, is a service that creates a secure, encrypted tunnel for online traffic, protecting data from being intercepted and snooped on by third parties while using public networks or browsing the internet.
What are some common mistakes that can lead to malware infection on a device?
-Common mistakes include clicking on phishing emails, downloading malicious attachments or extensions, and neglecting to keep software and security measures up to date.
How can a password manager help in maintaining online security?
-A password manager helps by generating and storing complex passwords for different accounts, reducing the risk of password reuse and making it easier for users to maintain unique, strong passwords for each of their online accounts.
What is the importance of auditing third-party apps connected to an account?
-Auditing third-party apps is important to ensure that only trusted and secure applications have access to your account, reducing the risk of potential security breaches through malicious or compromised apps.
What steps can be taken to protect against phishing attacks?
-Steps to protect against phishing attacks include using email filtering tools, being cautious of unsolicited emails, verifying the sender's identity, not clicking on suspicious links, and regularly educating oneself about the latest phishing techniques.
What is the purpose of the website 'have I been pwned'?
-The purpose of 'have I been pwned' is to allow users to check if their email addresses have been compromised in any public data breaches, helping them to be aware and take action to secure their accounts.
What is Shannon Morse's advice on the frequency of checking and updating online security measures?
-Shannon Morse recommends conducting an annual audit of online accounts to update security settings, change passwords if necessary, and ensure that personal information is secure and up to date.
Outlines
😨 YouTube Channel Hacking and Cybersecurity Measures
The speaker discusses the alarming issue of YouTube channel hacking, referencing a Forbes article about the YT Stealer attack. This attack is notorious for stealing authentication cookies to bypass account security. The speaker shares a personal experience of losing control of their podcast channel for 10 days due to hacking, highlighting the urgency of cybersecurity. The episode features an interview with Shannon Morse, a cybersecurity expert and privacy advocate, who provides insights on protecting online presence and the significant financial impact of cyber threats on creators.
🔒 The Importance of Advanced Security Measures
The paragraph delves into the specifics of the YT Stealer attack, explaining how it operates by stealing YouTube authentication cookies to maintain a logged-in session. It emphasizes the difficulty of detecting such attacks until they have already compromised the account. The discussion then shifts to the importance of advanced security measures like using physical USB keys for two-factor authentication, which can prevent unauthorized access even if the account credentials are compromised.
🤔 Identifying and Preventing Phishing Attacks
This section discusses common phishing tactics used to deceive YouTube creators, such as sending fake emails that appear legitimate but are designed to steal login credentials. The paragraph advises on how to verify the authenticity of emails and the importance of scrutinizing links and attachments. It also introduces tools like Malwarebytes and Windows Defender as essential for detecting and preventing malware infections that could lead to security breaches.
🛡️ Enhancing Account Security with Hardware Keys
The speaker and Shannon Morse discuss the benefits of using hardware keys for multi-factor authentication to secure online accounts. They explain how hardware keys, such as YubiKey or Google Titan, provide an additional layer of security beyond traditional two-factor authentication methods. The conversation also touches on the importance of not getting complacent with security measures and the potential vulnerability of approving two-factor authentication requests out of fatigue.
🔐 Auditing Online Security and Managing Third-Party Apps
The paragraph focuses on the importance of auditing online security, especially for third-party apps connected to YouTube accounts. It advises content creators to be cautious about the apps they authorize and to regularly review and remove any unnecessary or suspicious apps. The discussion also covers the potential risks associated with using personal email addresses for business purposes and the benefits of using dedicated, private email accounts for account logins.
🕵️♂️ Protecting Against Cyber Threats with VPNs and Password Managers
The discussion turns to broader cybersecurity measures, such as using VPNs to protect data privacy and secure public Wi-Fi connections. The paragraph also highlights the importance of using password managers to create and store unique, complex passwords for each online account, reducing the risk of account compromise due to password reuse. It mentions the potential costs associated with not investing in cybersecurity, emphasizing the value of prevention over cure.
🚨 The Reality of Data Breaches and Dark Web Exposure
This section addresses the reality of data breaches and the exposure of personal information on the dark web. The speaker recommends using services like 'Have I Been Pwned' to check for data breaches involving personal email addresses and 'Delete Me' to remove personal information from data broker sites. The paragraph underscores the importance of being proactive about personal data security and the peace of mind that comes with using these protective services.
🛠️ Final Thoughts on Cybersecurity for Content Creators
In the concluding paragraph, the speaker and Shannon Morse summarize the importance of cybersecurity for content creators. They stress the need for regular audits of online accounts, the use of advanced security tools, and the implementation of best practices to protect against cyber threats. The conversation wraps up with Shannon sharing her contact information and inviting creators to engage with her on Twitter and YouTube for more cybersecurity advice and resources.
Mindmap
Keywords
💡Hackers
💡Cybersecurity
💡Two-Factor Authentication (2FA)
💡YT Stealer Attack
💡Session Hijacking
💡Phishing
💡Malware
💡Hardware Key
💡VPN (Virtual Private Network)
💡Password Manager
💡Data Breach
Highlights
The YouTube channel 'think media podcast' was compromised, highlighting the vulnerability of online platforms to hacking.
Hackers are using sophisticated methods like YT Stealer attacks to steal YouTube authentication cookies, bypassing traditional security measures.
Two-factor authentication fatigue can lead to account breaches; it's crucial to remain vigilant with approval requests.
The importance of using hardware keys like YubiKey for added security beyond traditional two-factor authentication methods.
The significance of not reusing passwords across multiple platforms to prevent a breach in one account from compromising others.
Phishing attacks remain a prevalent threat, with hackers sending fake emails mimicking legitimate services to deceive users.
The value of using a VPN to encrypt data and protect privacy, especially when using public Wi-Fi networks.
Password managers are essential for maintaining unique, complex passwords for each account, reducing the risk of account breaches.
The utility of 'have I been pwned' in monitoring for data breaches involving personal email addresses.
The dark web's role in data breaches and the importance of proactively monitoring for compromised information.
Using services like Delete Me to remove personal information from data broker sites and protect privacy.
The recommendation to conduct an annual audit of online accounts to update security settings and change passwords when necessary.
The potential cost savings and peace of mind that come from investing in cybersecurity measures.
The episode emphasizes the importance of cybersecurity education for content creators to protect their online presence.
Shannon Morse's background in cybersecurity and her mission to inspire others to maintain their privacy and security online.
The episode concludes with a call to action for creators to take control of their digital security and utilize the available tools and resources.
Transcripts
our YouTube channel got taken over by
hackers and there's so many new attacks
out there oftentimes you don't know what
you need to do to protect your accounts
so how do you protect your YouTube
channel from hackers Forbes posted this
article about this YT Steeler attack so
oftentimes it's incredibly hard to know
if somebody has stolen this information
until it happens they start working so
quickly to change everything around to
make you lose permissions make you lose
access I'm talking with a cyber security
expert to give us the updates we need to
know right now
recently we actually lost our think
media podcast channel for 10 days it was
very scary we thought all of our videos
and all of our hard work was gone and so
we're going to be unpacking that
situation and then looking into some of
the things like tools and mistakes and
how creators can protect themselves not
just on YouTube but their online
presence overall and what are some of
the biggest threats right now cyber
threats are costing creators massive
millions and even billions of dollars
businesses it's a it's a horrible issue
and so I'm super excited to be with
Shannon Morse who's here today she's a
security and privacy Advocate and she's
an entrepreneur whose goal is to help
Inspire others to live life to the
fullest while not sacrificing their
identity ethics or privacy and cool fact
about Shannon is she built her first
computer around age nine and then later
went on to teach yourself HTML and
simple coding while building websites
dedicated to her favorite fan so she's
been in the game and she is uh
incredible and was generous enough to
reach out on Twitter when I was like we
got hacked she shared some valuable
resources there and so Shannon welcome
to the think media podcast hi Sean thank
you so much for having me on and that
was such a sweet intro
I appreciate you so much we were able to
connect to vidsummit a few years back
and you've got an incredible YouTube
channel with these types of tips but I
want to first break into
um just kind of the story and those that
are subscribers here know we got hacked
all of a sudden our Channel's taking
over it's changed from think media to
Tesla official I've seen this happen
many times oftentimes on my Smart TV I
see Tesla CEO or Tesla official is live
and Elon is talking and I'm like that's
probably not Elon Musk but they they're
this is very common actually they're
hacking a lot of channels of different
sizes privating the videos and then
pushing out a live stream with
pre-recorded Elon Musk content and then
soliciting crypto especially because
elon's a crypto kind of advocate right
and making a lot of money and a lot of
friends rallied to help me with the
situation here and so
um the first thing is is you kind of
said this is maybe a YT Steel their
account maybe you can ask me some
questions and let's unpack this
situation before we maybe go a little
bit macro and give tactical things for
everybody listening to apply yeah
absolutely I'm so glad that you asked me
to do this video with you too because I
haven't talked directly with any of my
friends who have had their channels
hacked yet so this is a really good
learning educational experience for me
so I can tell people better how to
protect themselves so yeah I'm curious
do you know what it was that ended up
allowing somebody to hack your account
do you know what the target entry point
was so
um what we do know is that Google
emailed us and they said they emailed us
the date date of the hack was Wednesday
uh January 11 2003 that they 2003 to
2023.
they've had access to your account for
such a long time before YouTube even
existed for that matter yeah amazing
um now what's scary is we did have
two-factor authentication right on good
and to be clear of how that works at
least the way we have it set it up is
when you log into the YouTube channel if
someone else is logged in and one of our
vulnerabilities is we do have multiple
people working on our channels this was
also not our main Channel with over 2
million subscribers this was our podcast
channel right around 75 000 at the time
I think when we do two Factor this will
happen in our world all the time I'm
watching YouTube on my phone I'm on my
desktop and a screen will pop up and
it'll say hey somebody in such and such
State somebody in such and such place is
trying to log in and you can approve or
deny we maybe became a little bit lacks
with approving and denying that and and
of course we know where our team works
and they're all spread out in different
states and so whether it wasn't me that
approved it somebody that had access
that's logged in could approve somebody
else and we believe that was the
vulnerability point and if you say try
another way it wasn't a text message
code situation that happened it was that
approver deny and Mel Melissa on her
team mentioned that I think she saw one
pop up was suspicious of where it was
did not click it but I think someone
else on our team clicked to prove
um and so that's all I know that at that
moment though once they got past
two-factor authentication Google said
they changed the code to a physical USB
key so you can coach us on that a little
bit later of how powerful that would wow
we had one of those but then they took
over by now we were pushed out and it
was also interesting is some of our
managers who did not didn't have
authority were still in there so they
started watching them making changes
they watched them videos to private they
watch them and thank God they didn't
delete that's terrifying yeah so they
made the videos all private they didn't
private the live stream so the main page
is all private the live streams were
like still public half of them were
privated and then what was also super
funny was after the channel was hacked
it became Tesla official they delete the
out page they changed the cover the logo
they try to do a live stream and one of
our managers shut it down because they
were allowed so that was even funnier
like so it's almost like they were kind
of fighting back and forth inside of
there ultimately there's only so much
you can do if they already have access
to the highest level and then all the
managers out so it's just them and we
also then had a schedule upload because
we upload our podcast on Tuesday and on
Thursday and so a video came out with no
thumbnail because we had it uploaded one
and so all of a sudden my latest video
dropped on Tesla official and some
people saw it and they're like did you
get hacked where'd all your other videos
go is this the right channel did someone
steal Sean's content and so oh my
goodness you reach out to we started
with tweeting YouTube on Twitter which
is what they tell people to do although
all they did was send us to the main
page where we had to fill out email and
reach out to Google support and I did my
friend Benji Travis who you know
co-author of YouTube Secrets he said try
to make you know try to really blow it
up and get everyone to share I don't
think they expedited anything which is
fine it is what it is but because it
took a while it was a while to get
responses it was days to get a response
it was you know 48 hours then it was
like a while to kind of go back and
forth and get some things going and so
for 10 days the channel was down but
eventually mid mid that process the
hacker got kicked out but they then
slowly started restoring our channel to
us and then when we got it back
[Music]
um so the attackers changed the YouTube
channel name from think media podcast to
Tesla official I'm reading an email they
sent they summarized it right they
removed the team's emails no longer
granting them moderator they changed the
icon Avatar banner and made all the
videos change to private and that all
happened on January 11 2023. again well
when we discovered though that we got
the channel back
we turn all the private videos back to
public had to re-upload the cover and
rebuild the home page and just all the
different features because all of that
was just kind of zeroed out and um so
it's a pretty wild story it turns into a
lot of work and I think when it comes to
YouTube content creation there's so many
creators who want to get the ball
rolling and want to start growing their
accounts and want to start growing their
channels but if you're growing and
you're not protecting it in an efficient
manner and there's so many new attacks
out there that oftentimes you don't know
what you need to do to protect your
accounts then you could potentially lose
income and I feel like when it comes to
your channel as an example it's it can
absolutely affect your growth on the
platform because you're not uploading
during that time and it can affect your
income and if you have a large growing
Channel if you're depending on that
income it can really really hurt you 100
and what's interesting is I had my
friend Jake Larson who that runs YouTube
ads more for like service professionals
and experts and
he said five of their channels got
hacked
the day before Christmas oh no another
person who I didn't get their permission
who we both know so I don't know if they
want to know that they got hacked also
got hacked in one of in their channel
manager DM me and said hey we went
through this we did get it back it was
frustrating and so I had a lot of what
was interesting is a lot is subjective
but
it's this appears to be very common and
it was kind of like a wave like it just
was hitting a lot of different people
and so you mentioned a YT Steeler attack
and yes Thomas Frank said it's probably
browser hijacking or session hijacking
so what are some of those things we can
maybe tackle those of what maybe could
have happened here yeah absolutely so um
just I wouldn't I would say like eight
months ago or so uh Forbes posted this
article about this YT Steeler attack
that's what this attack is being called
and the whole point of it is to steal
YouTube authentication cookies uh and
kind of to in order to understand what
these authentication cookies do it's
whenever you you know hop on your
computer or hop on your phone and you
first log into your account you're
clicking around inside your account you
don't have to log in every single time
you change your page and oftentimes you
can stay logged in for like a month at a
time before you have to re-log into your
account and that's because because you
have cookies on your computer that are
saving your information and saving it as
this special session and if somebody
else is able to steal the code for that
session then they could use that same
information
to bypass all the credentials and log
into your account on their own computer
even though it's a completely different
machine it might be on a different IP
address it might be in a completely
different country it can work and in the
case of the YT Steeler attack a lot of
people are purporting that this is
probably malware that somehow ends up on
your machine that is harvesting that
information it's harvesting the
credentials or it's harvesting the
session ID in order to steal it and gain
access to the account so oftentimes it's
incredibly hard to know if somebody has
stolen this information until it happens
and then as soon as it happens and
they're in they start working so quickly
to change everything around to make you
lose permissions make you lose access
that you end up having a closed down
account for like 10 days like in your
example until you can finally get access
back wow and so ultimately then we can
break down what why what are the dumb
mistakes people make or just the
unknowing mistakes they make that could
allow and lead to malware getting on
their machine and is there also tools
you recommend for maybe someone saying
is their malware on my machine right now
yeah absolutely so um Malwarebytes 100
that's one of my favorite tools it's
free and you can download it um
sometimes they prompt you to pay for the
free service you can totally upgrade if
you want to but I use the free version a
Windows Defender works wonderfully well
for antivirus if you're on a Windows
computer if you're using Linux or Mac if
you want to switch to one of those those
don't seem to be as targeted as much
when it comes to these kinds of attacks
so you could totally switch operating
systems but if you're like me and you're
a big Windows geek then I fully
understand if you wanted one too so that
can definitely help and it seems like
one of the biggest ways that people are
getting attacked is through fake emails
that are being sent to them so one of
the ways is maybe an attacker pretends
or copies a YouTube copyright warning
and they email it to you it looks
totally legit but it's not so if you
click on a link within that email and
you log into your account that's giving
them access to your credentials that
could allow them to get access to your
information another way is fake
sponsorship or fake advertisement emails
a lot of people are getting those too
and luckily a lot of content creators
have been sharing those on social media
so they'll share screenshots and be like
I don't think this is real you can
oftentimes tell from the domain but
domains can also be duplicated they can
be faked so you can't really depend on
just the domain address and an email
address and an email form oftentimes you
have to look at more than just that look
at the grammar you could look up the
name of the person signing the email and
see if they're on LinkedIn or social
media and you can reach out to them on
social media and say hey are you
actually like did you send me this email
from your PR Company or from your brand
did you actually want to sponsor on my
channel and oftentimes you'll get a
reply like yes I did or no that's not me
so that's one way that you can kind of
see if somebody is sending you a fake
email or see if it's legitimate oh my
gosh I could go so deep when it comes to
just like email protection in ways that
uh these attackers are able to hack into
content creators YouTube's account just
through email oftentimes it just comes
down to making you click a fake link
that sends you to a website that looks
like YouTube but it's not so they are
able to steal your credentials so
username and password or they're getting
you to click on like maybe a PDF like
here's this PDF please check this to see
what we're looking for for our
sponsorship inquiry you click on it and
it downloads malware
um oftentimes executables or malware
will be embedded inside these kinds of
documents like PDFs or docx type of
files and those can end up downloading
onto your computer and that can be a
really really bad way
for them to actually get into your
information and steal your cookies steal
your session ID wow and and so is this
also it's what's called phishing or it's
related to fish yeah yeah absolutely
yeah so fishing is uh it's you know the
name kind of makes sense when you think
about it when you go to a lake or go to
the ocean you're fishing you're fishing
for fish and you're hoping that one of
them is gonna stick on your line you can
and then you can take it home and cook
it for dinner that night if you're into
a fish I am I love salmon it's so
delicious but online fishing is very
similar you have spear fishing where
they're directly targeting people and
then you have regular fishing where an
attacker might send out like a massive
email to a ton of content creators and
hopefully one of them hopefully one
catches on to that line and downloads
that malware because if even one person
does it then it's worth their time then
they might be able to make some income
from it especially if they're sending
out like live streams for you to I don't
know send money to a crypto wallet or
something
100 and I see this in fact you know uh I
use coinbase and I'm thinking about the
different emails I get and constantly
it's like your account's under attack or
please update your thing or you just in
fact this is
interesting and relevant once we got
hacked and I started sharing on social
media
I people tried to double hack me on
Twitter like they started saying like I
see those all the time yeah like oh we
can help like oh we we go help you get
your account back and I'll be looking
like you're just a little sketchy
account on top of that and so you know
just send us your info and we'll so I'm
like what oh my gosh like what a what a
Sinister plot here of
trying to hack the hacked and so
um and and so so probably somebody
clicked the link uh maybe logged in
their credentials uh click the link or
open an email they shouldn't have right
yeah are you vulnerable from just
clicking a link potentially yeah you can
be
um a lot of times there are malicious
websites where as soon as you visit them
they might try to start scraping data
from your computer from your session or
from your machine that you are using and
from that data that might be able to
scrape enough information about it to
you know either get you to automatically
download some kind of executable or some
kind of malware or they might be able to
steal enough information to gain access
to your accounts one way that you can
tell if an account is malicious or not
is if you which don't click on Links at
all one extension I use in Chrome is
called u-block origin it's completely
free it starts with the U block origin
and that one will trigger a little
response within the browser that says
hey this is a potentially malicious link
do you want to proceed and it gives you
the option to proceed yes or no
oftentimes I find that it is a little
bit trigger happy when it comes to
awarding you but it's a good thing to
have if you want to be extremely
cautious and extremely skeptical when it
comes to Links in your email another way
to completely bypass clicking on links
in email is just to go straight to the
YouTube Studio because if you're going
to have a prompt about like a copyright
notice or a warning on your account or
if there's some kind of like advertising
Revenue issue sign into your AdSense
account directly as opposed to clicking
on a link in your email or go to
studio.youtube.com and log in directly
as opposed to clicking on an email
because any of those prompts you're
going to see on your dashboard they're
not just going to send it to your email
they're going to put it on your
dashboard as well so that it's very
clear and you can respond directly to
YouTube or to AdSense or whatever some
attacker is trying to steal from you
[Music]
this video is brought to you by stream
yard stream yard is our go-to platform
for streaming to YouTube and Facebook
with an incredibly easy to use interface
for built-in branding transitions text
lower thirds and seamlessly bringing on
guests it really is one of the best
options when it comes to live streaming
and what's so cool is they've
implemented a brand new feature called
local recording take control of your
audio and video with local recordings by
separating out your audio and video from
your guests this feature gives you the
control over your content for later use
making it perfect for podcasts and video
creators just go to streamwoodthink.com
to get started now
so powerful now you shared three tips
and then you may have others in far as
far as like well what do we do to
protect ourselves how do we solve this
problem and on Twitter you sent
you mentioned number one use ubico to
protect your account from two-factor
authentication phishing I looked these
up they're little USB keys or USBC uh
that you plug into your physical machine
it looks like they're right around 50 60
70 on Amazon where's mine oh I have one
here yes that's what it looks like I
have a sticker on mine so I can tell
that it's mine that's how I identify it
but yes you can pick these up for you
know less than 50 bucks I recommend
getting two
and you can register any account online
that accepts Hardware tokens or Hardware
keys for multi-factor authentication you
can plug one of those in and use it to
log into your account the way those work
is you type in your username and
password you click on on login and then
on a next page it'll say like hey you
have to plug in your Hardware Key and
click on it in order to authenticate
your account and allow you to
authenticate and log into your account
this is kind of an upgrade from using
codes that are sent to your email is
sent to text message and it's also an
upgrade from using an application that
generates little six digit codes and
you've probably seen that happen a lot
with like if you're logging into your
bank they might send you a six digit
code or your ISP or your uh your email
address even a lot of them automatically
force you to set up 2fa and you might
not even know it's happening but then
you get sent the six digit code you have
to type it in within like 60 seconds to
log in the problem with that though is
when you're typing in these codes if
somebody's stuck malware on your
computer they could be watching your
screen and they could get that code and
they could get your username and
password so if they have all three of
those little pieces of information that
you type in then they could log in no
problem the thing with the hardware key
is they can't duplicate it because they
don't have the hardware key so unless
they're like in your house and they
steal your key they're not going to be
able to log in so if they're trying to
log in with username password and
Hardware Key they're going to get stuck
they're going to get blocked by that
brick wall made by the ubikey Google
makes one called the Google Titan and
it's going to stop them right in their
tracks and they won't be able to log in
now if they have somehow stolen your
session ID like with the YT Steeler
attack this is the big reason why we
don't get want to get malware on our
computers that could allow them to
bypass 2fa but that doesn't necessarily
mean that you shouldn't have a hardware
key on your account because that that's
going to protect you from even more
attacks outside of YouTube stealer that
are that might potentially try to hit
you from other various circumstances so
you should be taking a kind of a
holistic approach to online security and
privacy when it comes to your account
and trying to think like a hacker like
think of all the different ways that an
attacker could potentially get into your
account and make sure that you're
protecting it even further try to take
it a step further so you're never the
low-hanging fruit because the higher up
you are in in terms of security and
privacy the better off you'll be and the
less likely you will be a Target and if
you were in a situation where
question one you're an individual
Creator so you get one of these physical
keys and I will Shannon's got some
resources and some videos on this she
reviewed some we'll link those in the
show notes as well as uh do you
recommend yubico over Google's Titan I
do and the main reason is because
they're not very expensive so they're
honestly it's like it's an upfront cost
and then it's free to use forever until
like you break one or lose one and then
you re-buy like just buy a new one
um and it's they have a lot of different
options so Google Titan has a few
different options which will round you
out pretty well but if you want to use
them across all sorts of different
platforms like I'm a I'm a tech reviewer
so I have like an iPhone and I have a
Android device and I have a Linux box
and a Windows computer so I need all
sorts of different ports NFC Bluetooth
whatever so I have a bunch of different
ubicos uh and that way I can use um
across the board like across any of the
different browsers that I have or
different operating systems that I have
the nice thing about it too is whenever
you set one of these up on your YouTube
account you can set up multiple of them
so if you're worried that you're going
to lose one don't be like just buy two
set them both up at the same time store
one away in a safe or like if you have a
bank safe at your bank you could store
it there just store it somewhere safe
and secure where like nobody can get to
it and then use your other one whenever
you need to log in and like we mentioned
earlier with cookies and sessions
cookies and sessions allow you to stay
logged in for a long period of time so
you don't have to use it every single
day you're only going to have to use it
whenever you need to set up a new
account set up a new computer or a phone
or if for some reason you've erased all
your cookies and you need to re-log into
your account then you would need to use
your ubico again so you don't really
have to carry it around with your
everywhere or anything like that like
it's not very inconvenient to use I have
one that I generally just keep plugged
into my computer in a secure space and
then my other one I keep in a secure
place that nobody knows about it's a
secret place so if you're an individual
Creator getting two would be smart
exactly you just described if you were
in our case and there were some people
that you wanted States apart would you
get five or ten of them and and mail
them out and get them all so that that
anybody that needed to be at that level
would have this physical
ubico USB drive at that level absolutely
and in fact a lot of companies have been
doing that this year
um for example there's a big company
called cloudflare they're in charge of a
bunch of connections online they make
sure that your connections work and they
protect you from attacks on the internet
if you have a domain with them without
going into too much detail about
cloudflare themselves they're a very
large company with tons of employees
they were attacked last year and this
this attacker was trying to get into
employee accounts trying to fish them
for information trying to get somebody
to get accidentally give them like their
username and password in 2fa code but
they got locked because they were using
Hardware keys so because the attacker
didn't have one of these Hardware keys
they weren't able to get in due to that
cause like that's a great example of
what you know us Youtubers with a team
of like 20 or less people even more than
that if you if you have a big team you
can just buy two per person and have
each person set up a couple of them just
walk them through it's really really
easy to set them up have them store one
away have them keep one on their
keychain or whatever is more convenient
for them and then they can use that to
log in and then like every maybe every
week or every month or so you could even
like ask them to delete their cookies
and refresh their browser history so
that if there was some kind of malware
on their computer that was trying to
steal their session ID then the session
ID gets refreshed and they would have to
re-log in and use that new use that
ubico one more time when you mentioned
that I believe her name was Melissa who
had if she had mentioned that she saw
the approve or deny request on her phone
so that's an attack which is currently
being used by a lot of attackers called
2fa it's where they're trying to get you
to just approve it just to prove that
that request it's called 2fa fatigue and
that's where you just get so tired of
seeing the approve or deny that
eventually you're like oh it must be
somebody on my team like it's 9 9 pm
whatever I'm tired like I'm just gonna
hit approve and it's fine like it looks
legit right so it must be legit 2fa
fatigue has been used for a lot of these
companies Reddit twilio I believe Uber
was one of those so a lot of companies
have had their 2fa bypassed or attacked
specifically because these attackers are
getting smarter so by upgrading to
Hardware keys not only are you
protecting yourself from you know
potentially somebody sealing your codes
but also these uh 2fa fatigue requests
so make sure that everybody has one of
these and it's it's a much better way to
protect yourself
I we were in 2fa of fatigue
and we got comfortable yeah or like any
we're like yeah this is cool and it's
safe you know we're all whether we're
logged in just approved like people are
doing it all day every day and as you
scale you know this we got to have you
back sometime in the future because this
is an ongoing conversation and ongoing
challenge obviously because as you scale
you get more people and some of this
stuff feels like it is it's just it's
kind of frustrating and you're like how
do we do this at scale how do we you
know keep people safe and uh another
thing that might be interesting to you
was
we're pretty sophisticated maybe the ant
the better thing to say is we are pretty
unsophisticated as a company and we need
to grow up and become sophisticated and
you know I started shooting videos of
course like all creators like just in my
bedroom and solo Creator and then
eventually started growing team and and
even having like a website you know now
we have like an HR department like
whatever but like we um had a majority
of people were just using their own
personal emails
media.com and so even having yeah but
even any thoughts on that yeah actually
um that's that's actually a really smart
idea is to move everybody to a like
think media account or something similar
to that and one thing to consider is do
you publicize the email address that you
log into YouTube with
and if you do that could give an
attacker
extra information that they could use to
potentially breach into or hack into
your account so I'll give you an example
um I use uh I don't know I'll use Sailor
Moon gmail.com that's not really my
email address so don't try it but let's
say I'm using Sailor Moon gmail.com to
log into my YouTube account and I put
that on my about page on my YouTube
channel and I say this is how you can
contact me if you want to do like ads or
sponsors or promotions or whatever and I
get this email from somebody and it says
uh um there was a problem with your ad
revenue and you have to log into this
link and it's to the Sailor Moon
gmail.com account the same one that I
used to log in if I see that I'm going
to think oh this might be legit so I
should probably check my ad Revenue so I
get paid this month because ooh I gotta
pay my mortgage
if you're using a separate account for
your logins then you are for public
information then the attacker is going
to get the public email and try to email
you there but if it's going to an email
inbox that is public that is not the one
you used to log in then you would know
immediately that would be a red flag
that somebody is trying to hack into
your account because Google is not going
to send you an email to the public
account when they can send it to the
email that you use to log in the
legitimate Google knows what that login
is knows that email address but nobody
else should if you're keeping it private
so why would Google send you an email to
your public one
that's a big road flag so
anybody out there who is just using like
one email address to log into all your
things make your likes just transfer
your YouTube account to a different
email address and make sure it's private
like don't tell anybody what that email
account is and then set up set it up
with 2fa and that way the only emails
you should get there are legitimate ones
from like Google
and I think we had changed the front
facing email but because I started think
media back in 2010 I sometimes would use
it as like my main Gmail and even sure
yeah people you know like business
connections so like a small group of
people and that might not have been the
vulnerability point but your tip there
is use a separate Gmail for your YouTube
account that's dedicated right yeah that
is not shared not for in and outbound
just for logging into your precious
YouTube Just yeah just for logging in
like just almost treat it like a
password like you wouldn't tell anybody
your password don't tell anybody what
the email address associated with your
YouTube account is either that obviously
is going to work better if you're just
one a one-person operation but if you do
have a team then maybe require them to
use a separate email account to log in
as well and don't give them any access
or permissions on their public email
addresses smart so good and then another
tip you shared was audit online security
especially connected third-party apps
whatever yeah what those could be
so third-party apps are applications
that allow you to like stick add-ons
onto your YouTube channel
um some of the ones that I use are like
vid IQ uh tubebuddy those are like
third-party add-ons for your account
usually those are going to authenticate
with your account via this thing code
called oauth which is a secure way to
log into your Google account and
basically pair the two
accounts together your YouTube account
and then the third party add-on and
those are really great and very
convenient because they let you do all
sorts of cool things but if you're kind
of slap happy when it comes to adding
things to your YouTube account you could
add something that's malicious I don't
think that vid IQ or tubebuddy are
malicious in fact I love those add-ons
they're amazing and they've helped me
grow my business but when it comes to
like other just random things that you
might find out there that somebody
randomly recommended do some research
you know see if they do their own
security audits for their own company
see if they allow you to log in Via
oauth or if they require you to type in
your username and password in for
YouTube into their product because they
really shouldn't be they should just be
using authorization through Google so
there's uh if you do see any like weird
third-party apps that you don't
recognize just deny them just close them
out and disapprove them or remove them
from your account from your YouTube
account on the back end and that's one
less thing that you would have to worry
about and I believe you can control what
third-party apps and like what browsers
and what
devices you're logged into through your
Google account that's attached to your
YouTube so you can go to those settings
through there is there any vulnerability
I'm a big Google Chrome user is there
any vulnerability of having certain
extensions on Google Chrome
that could make their way all the way
over to to mess with you somewhere else
and I'm looking at mine I have like like
rackets I have like 20 extensions so
yeah don't worry good IQ uh right now
I've got Zoom one up there we are using
one pass which we can talk about that in
a bit okay well yeah and one password so
but our our extensions that's different
than third-party apps connected to your
YouTube channel which is right about
being hacked here but any thoughts there
yeah that's a really good question
um there have been some Google Chrome
extensions for the Chrome browser that
were
allowing allowing attackers to
distribute malware through the extension
store like the online store for
extensions where you can download and
install them so that has been found
before however none of them I believe
have been used directly associated with
attacking YouTube channels not that I
know of but that doesn't mean that they
don't exist so that's another way that
you could definitely like audit your
online security for this holistic
approach is to definitely look at like
what kind of extensions you've
downloaded uh what you've downloaded on
your computer itself and see if there's
anything that you're not using day to
day for your business or for your
workplace that you could just delete
entirely or uninstall that's a really
good way to protect yourself I'm glad
you brought that up actually thinking
about kind of macro as we create a game
plan and you know I want to encourage
listeners stick around because I've got
some juicy questions just about the
Cyber threats we're facing in general
and thinking about the bigger picture
because it could be yeah hacking or
money or bank accounts or our personal
identity identity theft we couldn't even
cover all of that let's talk about some
tools or some things that what are some
of the Cyber threats that you think
we're facing and do you recommend things
I'll throw them at you like a VPN
absolutely
I hope you're using a VPN Sean
hmm I will be soon and there's lots of
different ones there are recommend and
why and of course we'll do a whole
summary in show notes but uh uh I'm I'm
so glad you mentioned that too oh my
gosh your ex you're asking me like the
perfect questions about security and
privacy it's so great I'm so excited
um vpns are wonderful they're a great
way to protect your uh your local
information and oftentimes vpns will
encrypt your data so that nobody else
can see your data you do have to trust
the VPN that you're using so keep that
in mind
um if you don't mind that Google is
running a VPN the Google one VPN is
wonderful
um it's great for protecting your
traffic especially if you need to log
into like public Wi-Fi or something like
that that will protect your traffic so
nobody can snoop on your data while it's
in transit
um another one that I really recommend
is called proton VPN that one has been
highly highly recommended in the cyber
security Community for quite a long time
now and I would say those are the two
that I mostly recommend now if you want
to go into more details I did do a
YouTube video about some of my top vpns
but those are the ones that I usually
recommend for people to check out and
just give a quick breakdown if we're new
to vpns maybe some of us only think oh
the reason we should get one is so we
can watch Netflix shows in another as
all sponsored YouTubers May promote yeah
yeah entertainment channels and then
they're like and it does a bunch of
other cool stuff for you as well but
like I know nobody ever covers the cool
stuff nobody ever covers like all my
favorite stuff of vpns I love everything
about vpns um so it's basically like
it's it's like a secret tunnel that
you're sticking your traffic through
that's owned by VPN so maybe they have a
camera in that tunnel so they can see
what's happening but it protects your
data from point A which is you to point
B which is whatever website you're
trying to visit it or whatever online
shopping service you're trying to go to
or whatever it might be so that way
anybody that's snooping on both sides of
the tunnel can't see what's going on
inside the tunnel so it's a secret
tunnel that's the easiest way to kind of
explain what a VPN is and in order to
use one it's very simple you either
download like a a download the
installation file for it and put it on
your computer so it works with all of
your different devices or all of your
different uh programs that you have in
your computer or you can download an app
on your phone or download an extension
for your browser now of course read
reviews make sure it's a legitimate one
check the terms and service of the VPN
make sure that they don't Snoop on your
traffic and sell it to third-party
advertisers if they don't disclose that
information and then they do it anyway
they could get sued so it's in their
best interest to tell you disclose this
information in their terms of service
and then yeah you just use it every day
okay this does help you watch stuff in
other countries
um I've used one to buy tickets for a
Japanese theme park even though I wasn't
in Japan it totally worked and then I
went to Japan and got cheap tickets
because they thought I was Japanese it
was great but you could also use it to
protect yourself whenever you're like on
public Wi-Fi or you have to use like
your hotel's internet access in order to
upload a video which don't recommend
because it's always too slow so it will
protect you from those kind of potential
attacks of somebody trying to steal your
information
would you
recommend as I'm oftentimes in an
airport that I'm not logging into my
YouTube channel on my phone or MacBook
on Airport Wi-Fi and am I vulnerable
don't do it in fact um don't log in or
don't even open YouTube at all don't
don't even let my devices
if I get my laptop on Airport Wi-Fi does
it now doesn't matter what websites I go
to or should I not even use unless you
just don't
yeah you can use a VPN that will help
with protection
um whenever I travel I don't use any
public Wi-Fi whatsoever and the reason
is because it's so easy for somebody
else to pretend to be that wireless
router pretend to be that access point
and
surreptitiously get you to like
basically authenticate and log into
their router and log into their Wi-Fi as
as opposed to the real airport Wi-Fi so
you got to watch out for that and
there's no way to tell which one is real
and which one's fake so for example when
you go to a airport and you want to hop
on like the airport Wi-Fi and you go
into like all the little Wi-Fi settings
on your phone you might see a few
different ones that say like free
airport Wi-Fi I live in Denver so Denver
Airport Wi-Fi uh Denver Comcast free
Wi-Fi like whatever it might be and you
might not know which one is the real one
so if you click on one and it says
you're connected you're like all right
I'm good to go but how do you know that
that's real I say this because one of
the companies I work for or work with
created a device a tool that is used by
cyber Security Professionals to audit
companies that allows them to duplicate
uh Wi-Fi networks and if they're within
range of your device and your device is
set to automatically connect to some
known Wi-Fi network it might
automatically connect to a malicious
Network so you really have to watch out
for that and you never it's it's so hard
to tell so I highly recommend just not
connecting to Wi-Fi no no public Wi-Fi
got it okay scary but really good advice
yeah kind of scary but yeah
password managers I know that you just
did a recent video
about LastPass got like hacked again and
I say again because I feel like it's
happened multiple times I know there's a
third time
um yeah that's that's wild luckily I
suppose we've been using one pass for
quite a while thing one does every
Creator need to be using a password
service like that in today's world
uh yes if you aren't what's wrong with
you no I'm just playing
um password managers are very very good
there's only so much information that we
can remember in our minds and when it
comes to all these different devices
that we're using in today's day and age
it's incredibly hard to remember all
those passwords so I highly recommend
using a password manager especially if
you have a lot of online accounts
because the moment that you reuse a
password across accounts really really
focus on like YouTube accounts
especially if you're reusing that
password on some other website and
that's some other website gets hacked
and they weren't protecting your
password correctly then now somebody has
your password and they could try it
across a multitude of different websites
and see which ones you were reusing it
on and if you're reusing it on YouTube
there you go there's their entry point
and then you want to make sure you're
using a hardware key so if they have
your password they get blocked
yeah if we follow all your tips then
it's like they they can't get through
you have a you have a steel gate you
have a you have uh armed guards you've
got lots of different things
so okay so definitely use a password
manager is there one you uh like yeah
LastPass no I'm just kidding
um
I really like RoboForm
um they have a very very easy UI it's uh
really easy to use and they have an
extension another one that I really like
is called bit Warden that one has a free
option so if you want something that's
really inexpensive there you go that
Warden is free one password is probably
the most advanced one that a lot of
people use I've used it as well so
because I've reviewed all of these one
password has a very Advanced and very
feature-rich platform but they're more
expensive so it kind of depends on which
one has the features that you're looking
for like some some people really need
Family Sharing where they can share
passwords across different accounts so
everybody in their household has access
to it like if you have Netflix in your
household you might want to share that
password ever with everybody even though
Netflix doesn't want you to so there are
like different features and it kind of
depends on exactly what you're looking
for a lot of people in the cyber
security industry were like one called
keepass because that one is uh I believe
it's open source and it also lets you do
a local download so you're not uploading
any password manager information to a
cloud service but again that that would
require you to have some kind of local
storage and your local storage needs to
be secure as well so a lot of things to
consider when it comes to which one you
want to choose I feel like I should make
a spreadsheet yeah no I love it yeah
like a comparison uh yeah in columns
that would be a yeah and yeah we've been
using one one pass we do love it and
when you talk about it being a little
bit more expensive if you're early on
and this isn't your main Revenue
generator then bit Warden and free
you're going to be a lot safer than
others yeah you don't want to be that
lower hanging fruit but I for me
especially after what we've been through
we are an investment in cyber security
feels to us like it's always a good
investment and we're not trying to
because we especially now can
extrapolate out not only the cost of
potential lost revenue or future revenue
or how the worst case scenario of like
completely losing the channel but even
just the cost of time the cost of Peace
of Mind the cost of the frustration it
through our whole day off and through
multiple days off it set us back I'm
less worried about even the there was
the revenue that was not generated but
then there's also our entire team was
now scrambling and focusing on this
instead my friend chalene Johnson
actually
um had her Instagram and Twitter and a
couple other accounts all hacked and her
email address through social engineering
they got into her uh whole world and it
probably didn't have to cost this much
but when it came to redoing software
redoing devices getting kind of their
whole business in place it ended up
being a hundred thousand dollar cost to
their overall company wow they were
recovering from this and so sometimes
you think it's kind of almost like
Insurance you're like if I actually only
pay this number and I never realized the
potential savings will Murphy's Law it's
like that's maybe the exact reason why
and and it's the peace of mind and so
that's a great one another one um is
there other tools and and one question I
have for you I've seen some advertise I
can't none of the names are coming to my
mind right now but maybe it was an ad on
uh Patrick David's Channel as a sponsor
about do you know that your
information's on the dark web your
passwords are probably going everywhere
this particular piece of software is
gonna like scour the internet clean
things up for you or find anything for
you give you alerts
um is there anything else like that that
you recommend uh yeah there is actually
um there's a website that I recommend
it's called have I been pwned
p-w-n-e-d it's like owned but with a p
have I been poem.com they will search
online for your email address in link
that have happened to big companies like
Adobe had a big leak years and years ago
but in that leak one of my email
addresses was exposed so I got a
notification from have ibnpone.com
saying hey your email address was leaked
you might want to change your password
on Adobe or your email address or both
just to be on the safe side because we
don't know if Adobe was protecting your
password for their account in a way that
was encrypted so I did that and then my
account was saved so that's a really
good way to kind of keep up to date with
what's going on on the dark web without
actually visiting the dark web just let
somebody else do it when you put your
information into this website too it's
totally fine it's totally secure the
data that they are getting from these
breach from these breaches are from
public publicly made breaches so anybody
can see what email addresses are in
these breaches you're just using this
database to find that information and
get notifications
um the original Creator his name is Troy
hunt and he's been in cyber security for
a really long time and he did this kind
of as a effort for the community to help
protect people and it's been something
that I've recommended for like 10 years
another option that you can use is and
uh disclaimer they have been a sponsor
on my channel but I've been a paying
customer of theirs for longer than that
way longer than that uh delete me delete
me.com I want to say they have a
wonderful service that looks for data
broker sites like Yellow Page sites or
white page sites like Spokeo People
Finder all that stuff they will look for
your information your first and last
name email address home address which
nobody working in YouTube wants random
people showing up to your house so they
look for all that information on these
data broker sites they send opt-out
requests for you to force these data
broker sites to delete that information
and they do it on a reoccurring basis
because it's a membership up so they do
it like quarterly and then they send you
a report showing you what information
they found and what information they
were removed and they look at like I
want to say 60 plus different data
broker sites I didn't even know so many
existed but they help protect your
information from getting out there and
when it comes to being like a public
figure or being on YouTube having that
little piece of comfort knowing that
there's a company out there who is
making sure that my data is not out on
the web on all these different websites
is it's it's a comfort to me so I use
their product like all the time and I
love it love it love it so again we'll
put these resources in the show notes so
many good things and Nuggets um but I
put in one of my emails now luckily this
is my this is my kind of throwaway email
like this is I've actually had this
email sent high school and oh no related
to any of our business activities but I
put it into have I been pwned and
there's been 29 data breaches and six
pastes bitly gravatar LinkedIn MGM
Resorts Twitter Adobe Animoto Apollo
canva oh my gosh Sean that's a lot
he's my Kickstarter but here are these
Brands all these Brands Myspace stockx
huge Brands Tumblr Zynga Wayne Leo I
don't even know oh my gosh you know
what's a paste you've been found in
paste this information
yeah yeah yeah that's like um if an
attacker just pasted a whole bunch of
emails into a um into like a document
and then they threw it up on the web
that's a that's a paste it's called like
a paste bin so really great resources
and this is definitely time whether you
know listening to this episode to to get
your life secure your account secure uh
think about getting the right Tools in
place
um I definitely as we land the plane I'm
excited to I think we I would love to
talk again and and I know that there's
probably some of our favorite episodes
one of the scariest episodes but you
know
you scared anybody you know and it's
it's just kind of the world we're living
in I know that some people too want to
retreat but I think it's just about it's
just sort of you you need this education
and you just don't want the right tool
and you want to elevate yourself from
that easy to get kind of just on uh what
is funny is I was talking to one of my
very close kind of OG they've been in on
YouTube over 10 years and they were just
talking about like actually how common
it is for creators to still be using the
same password maybe they've always been
they've never changed it like they've
used it across websites and they just
are unaware of this information so this
information is so powerful is there any
other final tips or advice that you
would recommend before we hear about how
our community can connect with you and
some of the stuff you're doing yeah for
sure
um so if if you use a password manager
it makes it really easy to know what
accounts you currently own and every
single year companies are making
upgrades to their security and privacy
to better protect their customers so I
highly recommend and this is something
that I do as well doing kind of an
annual audit of going through your
online accounts seeing if there's any
new like two-factor authentication you
can turn on or if they've had a breach
you should change your password you
could even see if there's websites that
still have like old home addresses
listed on them and you could change
those if there's websites that you no
longer use you could delete them and if
you can't delete them you can usually
just put fake information into your
account on their website so if somebody
did hack into those then they would just
have fake information there's a way that
you can go through like an annual audit
and just make sure that things are good
you know just do it on a weekend spend
spend a weekend doing spring cleaning of
your online accounts and then you're
good to go for another year it doesn't
have to be a complicated effort and I
feel like security and privacy can be
really convenient if you use these tools
and automate a lot of the processes
because a lot of it just comes down to
putting in the effort at the very very
beginning and then you're safe and
you're good to go one final question
before yourself do you recommend if
you're a business small business owner
and of course for anybody
people hire
cyber security firms or Consultants is
that something you do something you
recommend and at what level would that
be necessary heck no I do not have time
to do that myself I'm running my own
YouTube channel I have enough to do
um if you do have a big business
definitely you could you could
absolutely consider that there's some
really wonderful cyber security
companies out there some of them are run
by my friends so that's definitely
something you could look into there's a
lot of references online for cyber
security companies that will do like
annual audits or they will come in and
make sure that your accounts and your
online information is safe and they'll
they'll write you up a report so you can
see how to protect yourself but big
caveat is a lot of those are very very
expensive because they're using really
expensive tools and they're using their
own time and their own teams in order to
give you this information so that you
can better protect yourself so you're
looking at thousands and thousands of
dollars in order to have these audits
done and if you're running a big company
then yeah it can definitely be worth it
but if you're a smaller content creator
then you can use a lot of the consumer
facing implementations of security and
privacy to do similar things Shannon one
of the greatest episodes of all time and
so much value
um you are putting out great content on
your channel and uh and
for another part I would be awesome to
have you back someday to talk about your
almost 100 000 subscribers you have a
second channel that is that yeah or
you're across 100 000 and you're
featured on uh another account as well
as a personality on there you're doing a
lot of cool things hack five and so
um of course we'll link to all of your
stuff but what do you want to shout out
today
hack fives almost to a million I'm very
excited about that too
um probably my Twitter that's where I'm
most active it's at snubs
s-n-u-b-s-1b not two uh and then my
YouTube channel is youtube.com
shannonmore spelled just like my name
that's where I post a lot of my
tutorials and I'm also really active in
the comments in the community to help
people with their own security and
privacy
amazing and so think media podcast check
out Shannon's stuff go binge some of her
videos we'll link to the channel of
course and she will keep you in the know
keep you safe so you can ultimately
build your creator business uh and keep
your privacy locked down and so thank
you so much Shannon for coming on the
show
Ver Más Videos Relacionados
¿Cual es el SO de Movil más seguro? Android vs iOS
Ultimate smartphone security guide | How to secure your phone tutorial
Google Android vs Apple iOS: Which is Better for Privacy and Cybersecurity?
Introduction to Cybersecurity
By Cybersecurity Safe: Lock Your Digital Door | Leon Geter | TEDxCharleston
Protecting Personal Data (With KAREN DAVILA)
5.0 / 5 (0 votes)