Cyber Security lessons from Ourmine

Ourmine. That name was in the hot seat for a while recently. They made their way to the headlines by hacking and humiliating some of the most powerful and popular figures in the tech and the entertainment industry starting with Mark Zuckerberg, Sundar Pichai, Daniel Ek, Brendan Iribe to media celebrities like David Guetta, Channing Tatum. The list is still incomplete as the hacking team Ourmine is adding new names to the list on a regular basis.

The tech industry is still not settled with a label to tag them with such as White or Black or Gray or any other hats. They can’t be called hacktivists too, because we observed that they randomly target high profile individuals or entities for fun or personal gain. From the last couple of weeks, they have started addressing themselves as a security firm which offers vulnerability checkups for websites and social media accounts. And they have used their recent breaches to gain more attention to their recent venture as a security firm. You can also find them gloat about each breach on their website.

Even the decision makers of the new cyber world are falling for the oldest tricks in the book.

Now let’s take a look at how they managed to achieve the fame which they have now. Let’s start with the most popular one: Mark Zuckerberg, although they have followed somewhat similar technique which might seem so obvious to you. Mark suffered breach of his Twitter and Pinterest account by reusing passwords which was first breached in 2012, along with other 160 Million Linkedin users. In the case of Sundar Pichai’s Quora and Twitter account breach, Ourmine (as reported) exploited the vulnerability in the website, although people from Quora believe that the breach was caused by leveraging the credentials market on the dark web. Ourmine compromised Brendan Iribe’s Twitter account by obtaining his password from the Myspace breach which occurred in May 2016. According to Ourmine, they could have also breached Brendan’s Google account if he had not enabled two-factor authentication.

I could go on and on explaining about everyone’s breach, but since you identified the pattern, let us move on to the conclusion. Even the decision makers of the new cyber world are falling for the oldest tricks in the book. No matter whether they (Ourmine) are a security firm or attention seekers or any other entity, they do offer some serious security lessons for free. Even though most of us are not popular figures like the above, these mistakes can end up in huge disasters if the wrong player managed to hijack our accounts.
So, change your passwords right after the news of any ‘mass’ breachesbecause you don’t want to be a victim again, especially after 3 or 4 years as they (Tech CEOs and Celebrities) became. Also, don’t reuse passwords. Enable two-factor authentication. And think twice before linking accounts.