For the third time this year, Mark Zuckerberg has had his Pinterest account hacked. Members of the group ‘OurMine’ are again claiming credit for the attack.
Mark Zuckerberg’s social accounts have now been hacked by this group two times in a row. In June, OurMine first gained access to his Twitter account and the same Pinterest account.
The June attack was believed to be the consequence of password reuse. And yes, even the CEOs of giant tech companies can fall victim to password fatigue.
OurMine reportedly used credentials that were exposed in a massive LinkedIn hack that leaked the information of more than 117 million people.
Mark Zuckerberg isn’t the only prominent tech personality who has been victimized by OurMine. Other CEOs, including Marissa Mayer of Yahoo, Sundar Pichai of Google, and Uber’s Travis Kalanick, have had their accounts hacked by the same group. OurMine has also claimed responsibility for attacks on Buzzfeed and Variety earlier this year.
While talking to Forbes, Cris Thomas, Strategist for Tenable Network Security, said, “I am more dismayed that the _OurMine_ team, who has claimed responsibility, has used the claim that they were just testing security.”
Hackers are classified into three distinct categories: white hats (the good guys), black hats (the bad guys), and gray hats, who are well-intentioned hackers with shady or questionable ethics. The activities of the OurMine group seem to fall on the darker end of gray hat hacking.
Thomas said, “No legitimate security researcher would ever test security in this manner. It promotes the stereotype that all hackers are bad and makes it increasingly difficult for researchers who do legitimate security work.”
According to ZDNet, this time the attack was different: the OurMine group exploited a vulnerability in the Pinterest platform to hack Zuckerberg’s account and deface it.
Zuckerberg’s Pinterest bio read, “Don’t worry; we are just testing your security,” and included a link to the OurMine website. However, the changes were soon reverted. The group also claimed to have hacked Zuckerberg’s Twitter account but was unable to log in because of two-factor authentication.
To Make Sure You Don’t Get Mark Zuckerberg-ed
Stuart McClure, CEO of Cylance, says, “My online security advice to everyone is to use complicated passwords that only mean something to you and are unique to each website. Make sure they contain letters (lower and uppercase), numbers, and some special characters—and use two-factor authentication anywhere you can, even on social media. Don’t store credit card information in your browser, and leverage AI-based antivirus on your computers to prevent non-authentication-based attacks.”
Richard Reiner, CTO of True Key at Intel Security, says, “Readers [People] can protect themselves by using strong passwords (long, random strings of letters, numbers, and punctuation) anywhere, and never use the same password for multiple sites. Readers can use a secure password manager app (such as Intel Security’s True Key app) to generate strong passwords, automatically save them, store them securely, sync them across all their devices, and automatically enter them into the login fields of their sites and apps.”
“The reality is that your password will be compromised,” said Hatem Naguib, GM of Security at Barracuda. “If there is an option for adding the two-factor authentication, do it. If 2FA is not an option, then using strong passwords that you change often is the only way to reduce the likelihood that you will be Zuckerberged.”
What motivates the group’s hacking attacks? It seems they are trying to build up their security services business by gaining attention in such ways, as has been seen in the past.