Earlier this month, we heard that Facebook CEO Mark Zuckerberg’s Twitter, Instagram and Pineterest accounts got hacked by a hacker group “OurMine”. The hacker taunted “Hey @finkd we got access to your Twitter, Instagram and Pinterest, we are just testing your security, please DM us”. This news revealed the major security breach into accounts of different celebrities.
Google CEO Sundar Pichai has become the latest victim of this hacking group “OurMine” after his Twitter linked Quora account got compromised and filled with spam links and post.
After many spam posts on these accounts, this breach gone public as followed by many followers. OurMine group said it managed to breach Pichai’s account by exploiting Quora’s zero-day vulnerability. However, Quora has not responded yet on this flaw.
Surprisingly, OurMine has set up a website that displays a range of vulnerability scanning service and with a refund policy if the service didn’t work. In a short message they said “We are just testing people security, we never change their passwords, and we did it because there are other hackers who can hack them and change everything”.
It is believed that hackers are using the old exploited data dumps and also taking help from recent breaches and information leaks. The old passwords and credential that are still being used by many celebrities and individuals are the main factor behind these attacks.
A hacker “AlexPro” has exposed the hacker group “OurMine” by releasing the IP address and location they are operating from. It seems to be some Arabic people as traced location is Saudia Arab.
However, it is likely the team is using TOR and VPN to remain untraceable, as both are used to route internet traffic around the globe to hide the actual location.
On the rapid breaches on many social media sites, the Twitter spokesperson told the BBC: “A number of other online services have seen millions of passwords stolen in the past several weeks, and we know far too many people use the same password for multiple things online. We recommend people use a unique, strong password for Twitter”.
So it is highly recommended to use different passwords for all different accounts over internet to secure yourselves to some extent.