BuzzFeed Hacked By OurMine In Response To Alleged Expose by Rebecca James
After the threatening and robbing of Kim Kardashian in Paris past week, celebrities are concerned whether her frequent use of social media made her more vulnerable, and might be reassessing their social media sharing. However, for famous and prominent people, this will not resolve another threat, hacking.
OurMine, the hacking group, known for insinuating the digital accounts of CEOs, VCs, and other celebrities, breached the famous social website BuzzFeed on Wednesday, leaving the website defaced and its articles altered and some deleted. The attack may have been in response to the report BuzzFeed published on Tuesday, which asserted that OurMine is not a group, but a single Saudi Arabian high schooler.
What Happened In The Hack?
BuzzFeed’s Joseph Bernstein report on OurMine report published on Tuesday, and the website was hacked on Wednesday. Headlines of few altered articles including the website’s homepage read, “HACKED BY OURMINE” and group’s website ourmine.org was prominently advertised. One such altered article stated, “Hacked by OurMine team, don’t share fake news about us again, we have your database. Next time it will be public. Don’t f*#k with OurMine again.”
The website Buzzfeed tweeted quickly about the hacking incident and commented that they are working to recover the altered articles, including the original report on the group. In few hours, the evidence was removed from the website.
BuzzFeed didn’t comment on how the OurMine group (or teen) breached its database. In the past, OurMine has used passwords leaked in old breaches to access accounts where same emails and passwords were used. A blog post by OurMine said, “Why we hacked it? Alright, yesterday Buzzfeed Created a post that we are only one member called Ahmed Makki, and we can confirm that we don’t Have a member named ”Ahmed Makki” and we are now four we were three but someone joined, and we hacked it because they are reporting fake news about us.” It also listed the news and comments of other social media websites to assert its claim. The hacking group OurMine has also breached third-party apps connected to social media accounts to gain illegal access.
What is OurMine?
OurMine group claiming to be raising awareness of security issues and offering its services for a charge. However, as BuzzFeed said the group has established itself as a nuisance to executives and celebrities. OurMine is still at large to target high-profile corporations and personalities, especially executives like Google CEO Sundar Pichai, Twitter CEO Jack Dorsey, Facebook CEO Mark Zuckerberg, and Uber CEO Travis Kalanick. It seems a new step for OurMine to target BuzzFeed in an attempt to silence it using coercion. However, it remains unclear that what did it mean when OurMind said it has BuzzFeed’s database, neither did it characterized the stolen data.
Though you probably wouldn’t consult OurMine to advice you on personal security after their deliberate attacks, hacks by such groups act as a reminder that reusing the same passwords on multiple platforms is always dangerous as one breach leads to all your accounts being hacked, and that you should monitor the applications you associate with your digital accounts. The situation with BuzzFeed shows that OurMine is hostile to retaliate on perceived slights and is active.
What measures you should take?
You can strong arm your social accounts security by using different passwords, ditching the security questions as they are obvious to guess (Yahoo breach taught that), Using a 2-way authentication where supported so that you are informed whenever a suspicious login takes place, wherever possible do not use your social accounts to sign up on websites to restricts the chain of accounts connected as this makes your other accounts exposed to attackers. These suggested step will not provide you complete security but it is enough make it harder for attackers to access your digital accounts.
Rebecca James is a Journalist and Senior Editor at Be Encrypted. She has provided a lot to security and privacy in her career. She likes to add her personal opinion on recent security matters. You can follow her on Twitter. You can reach Rebecca on Twitter (@rebecca_jeames)