So yes, he did a dumb thing and clicked on a malicious file. What's mind boggling to me (and him!) is it appears that the attackers, just by having a copy of his Google session cookie, were able to then impersonate him and change his Google account (and thus YouTube account) two factor and passwords - thus locking him out of his own account.
As he says, how is it possible you can make an authentication change without requiring a two factor challenge/response? Seems like a HUGE gaping hole and hopefully someone from Google will respond or even better fix it!
BTW - if you are into home automation, his channel is awesome. I don't always agree with his conclusions (who does?) but I sure enjoy the heck out of his content and have discovered some great stuff and ideas while being entertained. Not a bad deal.
As he says, how is it possible you can make an authentication change without requiring a two factor challenge/response? Seems like a HUGE gaping hole and hopefully someone from Google will respond or even better fix it!
BTW - if you are into home automation, his channel is awesome. I don't always agree with his conclusions (who does?) but I sure enjoy the heck out of his content and have discovered some great stuff and ideas while being entertained. Not a bad deal.