[BreachExchange] BuzzFeed Hacked By OurMine In Response To Alleged Expose

Mon Oct 10 18:54:13 EDT 2016

http://www.valuewalk.com/2016/10/buzzfeed-hack/

After the threatening and robbing of Kim Kardashian in Paris past week,
celebrities are concerned whether her frequent use of social media made her
more vulnerable, and might be reassessing their social media sharing.
However, for famous and prominent people, this will not resolve another
threat, hacking.

OurMine, the hacking group, known for insinuating the digital accounts of
CEOs, VCs, and other celebrities, breached the famous social website
BuzzFeed on Wednesday, leaving the website defaced and its articles altered
and  some deleted. The attack may have been in response to the report
BuzzFeed published on Tuesday, which asserted that OurMine is not a group,
but a single Saudi Arabian high schooler.

What Happened In The Hack?

BuzzFeed’s Joseph Bernstein report on OurMine report published on Tuesday,
and the website was hacked on Wednesday. Headlines of few altered articles
including the website’s homepage read, “HACKED BY OURMINE” and group’s
website ourmine.org was prominently advertised. One such altered article
stated, “Hacked by OurMine team, don’t share fake news about us again, we
have your database. Next time it will be public. Don’t f*#k with OurMine
again.”

The website Buzzfeed tweeted quickly about the hacking incident and
commented that they are working to recover the altered articles, including
the original report on the group. In few hours, the evidence was removed
from the website.

BuzzFeed didn’t comment on how the OurMine group (or teen) breached its
database. In the past, OurMine has used passwords leaked in old breaches to
access accounts where same emails and passwords were used. A blog post by
OurMine said, “Why we hacked it? Alright, yesterday Buzzfeed Created a post
that we are only one member called Ahmed Makki, and we can confirm that we
don’t Have a member named ”Ahmed Makki” and we are now four we were three
but someone joined, and we hacked it because they are reporting fake news
about us.” It also listed the news and comments of other social media
websites to assert its claim. The hacking group OurMine has also breached
third-party apps connected to social media accounts to gain illegal access.

What is OurMine?

OurMine group claiming to be raising awareness of security issues and
offering its services for a charge. However, as BuzzFeed said the group has
established itself as a nuisance to executives and celebrities. OurMine is
still at large to target high-profile corporations and personalities,
especially executives like Google CEO Sundar Pichai, Twitter CEO Jack
Dorsey, Facebook CEO Mark Zuckerberg, and Uber CEO Travis Kalanick. It
seems a new step for OurMine to target BuzzFeed in an attempt to silence it
using coercion. However, it remains unclear that what did it mean when
OurMind said it has BuzzFeed’s database, neither did it characterized the
stolen data.

Though you probably wouldn’t consult OurMine to advice you on personal
security after their deliberate attacks, hacks by such groups act as a
reminder that reusing the same passwords on multiple platforms is always
dangerous as one breach leads to all your accounts being hacked, and that
you should monitor the applications you associate with your digital
accounts. The situation with BuzzFeed shows that OurMine is hostile to
retaliate on perceived slights and is active.

What measures you should take?

You can strong arm your social accounts security by using different
passwords, ditching the security questions as they are obvious to guess
(Yahoo breach taught that), Using a 2-way authentication where supported so
that you are informed whenever a suspicious login takes place, wherever
possible do not use your social accounts to sign up on websites to
restricts the chain of accounts connected as this makes your other accounts
exposed to attackers. These suggested step will not provide you complete
security but it is enough make it harder for attackers to access your
digital accounts.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161010/981b310c/attachment.html>