For the third time this year, Mark Zuckerberg has had his Pinterest account hacked. Members of the group ‘OurMine’ are again claiming credit for the attack.
Mark Zuckerberg’s social accounts have now been hacked by this group two times in a row. In June, OurMine first gained access to his Twitter account and the same Pinterest account.
The June attack is believed to have been the consequence of password reuse. Yes, even giant tech CEOs can fall for password fatigue.
OurMine reportedly used credentials that were exposed in a massive LinkedIn hack that leaked the information of more than 117 million people.
Mark Zuckerberg isn’t the only prominent tech personality who has been victimized by OurMine. Other CEOs, including Marissa Mayer of Yahoo, Sundar Pichai of Google, and Uber’s Travis Kalanick, have had their accounts hacked by the same group. OurMine has also claimed responsibility for attacks on Buzzfeed and Variety earlier this year.
While talking to Forbes, Cris Thomas, Strategist for Tenable Network Security, said, “I am more dismayed that the _OurMine_ team, who has claimed responsibility, has used the claim that they were just testing security.”
Hackers are classified into three distinct categories: white hat (good guys), black hat (bad guys), and gray hat, meaning hackers who are good guys but with shady or questionable ethics. The activities of the OurMine group seem to fall on the darker end of gray hat hacking.
Thomas added, “No legitimate security researcher would ever test security in this manner. It promotes the stereotype that all hackers are bad and makes it increasingly difficult for researchers who do legitimate security work.”
According to ZDNet, this time the attack was different: the OurMine group exploited a vulnerability in the Pinterest platform to hack Zuckerberg’s account and deface it.
Mark Zuckerberg’s bio on Pinterest read, “Don’t worry; we are just testing your security,” and included a link to the OurMine website. However, the changes were soon reverted. The group also claimed to have hacked Zuckerberg’s Twitter account but was unable to log in because of two-factor authentication.
To Make Sure You Don’t Get Mark Zuckerberg-ed
Stuart McClure, CEO of Cylance, says, “My online security advice to everyone is to use complicated passwords that only mean something to you and are unique to each website. Make sure they contain letters (lower and uppercase), numbers, and some special characters—and use two-factor authentication anywhere you can, even on social media. Don’t store credit card information in your browser, and leverage AI-based antivirus on your computers to prevent non-authentication-based attacks.”
Richard Reiner, CTO of True Key at Intel Security, says, “Readers [People] can protect themselves by using strong passwords (long, random strings of letters, numbers, and punctuation) anywhere, and never use the same password for multiple sites. Readers can use a secure password manager app (such as Intel Security’s True Key app) to generate strong passwords, automatically save them, store them securely, sync them across all their devices, and automatically enter them into the login fields of their sites and apps.”
“The reality is that your password will be compromised,” said Hatem Naguib, GM of Security at Barracuda. “If there is an option for adding the two-factor authentication, do it. If 2FA is not an option, then using strong passwords that you change often is the only way to reduce the likelihood that you will be Zuckerberged.”
What motivates the group’s hacking attacks? It seems they are trying to build up their security services business by gaining attention in such ways, as has been seen in the past.
About the Author
Peter Buttler is an Infosec Journalist and Tech Reporter and a member of the IDG Network. In 2011, he completed a Master’s in Cybersecurity and Technology. He has worked for leading security and tech giants as a Staff Writer. Currently, he contributes to a number of online publications, including The Next Web, CSO Online, Infosecurity Mag, SC Magazine, Tripwire, GlobalSign CSO Australia, etc. His favorite areas are Online Privacy, AI, IoT, VR, Blockchain, Big Data, ML, Fintech, etc. You can follow him on Twitter.