Home
Sundar Pichai has become the latest victim of hacking group OurMine Security. Security experts believe that the breach was available due to a vulnerability in URL shortening service Bitly. A few days ago, Google CEO’s Twitter posted the message: “Hey, it’s OurMine, we are just testing your security, to upgrade your security please visit our website.” The same showed up in his Quora account. Although the messages were deleted a few minutes later, it made Pichai one of the celebrities who’ve been hacked by the same collective in the past few weeks.
In early June, first victim was Mark Zuckerberg, whose Twitter and Pinterest accounts were hacked. It is likely that his password was found in a database of user data stolen from LinkedIn 5 years ago. Then former Twitter boss Dick Costolo was hacked (messages were posted from his Twitter and Pinterest accounts), followed by young adult novelist Hank Green, Mark Zuckerberg’s sister Randi Zuckerberg, and actor Channing Tatum.
One common thread among some of the hacks is the use of link shortening service Bitly. When journalist Matthew Yglesias was hacked, the hackers posted a standard “testing your security” tweet, which according to Twitter’s API was sent through Bitly, a link shortening service. Many Twitter users have given Bitly permission to read and write tweets, and that seems to be a vulnerability.
The hackers are keen to build publicity for their breaches. One of the group’s members explained that the hack involved Bitly, but the service denied any vulnerability, blaming password reuse and failure to enable two-factor authentication. The company claimed it continuously updated its technology to maintain best security practices and reminded users to use strong passwords, update them frequently, and do not repeat them on any other services. Besides, Bitly hasn’t been involved in every OurMine hack. A similar link to Quora has been noted, as Google CEO and technologist Anil Dash saw their accounts hit through that service as well.
The recent wave of attacks should alert users with insecure accounts (perhaps due to weak or reused passwords) that are linked up to important social media services like Facebook and Twitter. If you are one of them, you are recommended to deactivate integrations with linked companies in the settings.
Sourcedfrom torrentfreak
In early June, first victim was Mark Zuckerberg, whose Twitter and Pinterest accounts were hacked. It is likely that his password was found in a database of user data stolen from LinkedIn 5 years ago. Then former Twitter boss Dick Costolo was hacked (messages were posted from his Twitter and Pinterest accounts), followed by young adult novelist Hank Green, Mark Zuckerberg’s sister Randi Zuckerberg, and actor Channing Tatum.
One common thread among some of the hacks is the use of link shortening service Bitly. When journalist Matthew Yglesias was hacked, the hackers posted a standard “testing your security” tweet, which according to Twitter’s API was sent through Bitly, a link shortening service. Many Twitter users have given Bitly permission to read and write tweets, and that seems to be a vulnerability.
The hackers are keen to build publicity for their breaches. One of the group’s members explained that the hack involved Bitly, but the service denied any vulnerability, blaming password reuse and failure to enable two-factor authentication. The company claimed it continuously updated its technology to maintain best security practices and reminded users to use strong passwords, update them frequently, and do not repeat them on any other services. Besides, Bitly hasn’t been involved in every OurMine hack. A similar link to Quora has been noted, as Google CEO and technologist Anil Dash saw their accounts hit through that service as well.
The recent wave of attacks should alert users with insecure accounts (perhaps due to weak or reused passwords) that are linked up to important social media services like Facebook and Twitter. If you are one of them, you are recommended to deactivate integrations with linked companies in the settings.
Sourcedfrom torrentfreak