WHITE HAT OR
black hat, you are probably best advised not to deal with OurMine. Most of its victims claim to have wrestled control of their accounts under their own steam, and testimonials from customers are thin on the ground.
Customers pay $30 via PayPal for a full scan of their personal accounts, while businesses must contact the firm to discuss terms. Even the news section of the security outfit’s website celebrates the ‘hacks’ carried out. There you can see posts about “The biggest hack in YouTube history”, and the story behind how Mark Zuckerberg came to be hacked twice. It appears the man behind Facebook finds it hard to choose a secure password.
“Today our team reached Mark Zuckerberg accounts again… how did we hack him again? We have our private methods… and no it’s not using leaked databases,” crows OurMine.
“His password previously was dadada, and we told him to protect his accounts, but unfortunately he didn’t listen and he used easy password again, but at least he enabled 2-step verification on his Twitter, but his password now is dr1nkbur.”
If Mark Zuckerberg has any sense, that is no longer his password, so it seems the unorthodox methods used by the group do have some merit when it comes to best practice behaviour.
Security expert Graham Cluley recently said that the group’s attacks should serve as a lesson to everyone. He explained that the hacks can be mischievous, but offer a powerful message about online providers and how they protect their users.
“The OurMine hacking gang have turned their attention from HBO and Sony to break into FC Barcelona’s social media accounts to announce that former Real Madrid player Ángel Di María had been signed-up for the team. FC Barcelona and Real Madrid are bitter rivals, so news that a player is switching allegiances from one side to another is likely to get fans fuming,” he said.
“FC Barcelona may want to look again at its defence, because it is clearly lacking when it comes to protecting its social media accounts. That means not only training staff in password best practice, but also the security benefits of enabling two-step verification or two-factor authentication.”