Careful not to get buried in the flurry of holiday happenings, OurMine has just carried out several high-profile hacks, effectively catapulting the group to the collective consciousness of the entire tech world once again.
Hacking Netflix, Marvel
The latest caper has targeted Netflix's Twitter account. The hapless heroes at Marvel were also caught flat-footed, not able to do a thing as the digital villains effortlessly obliterated their home studio's Twitter defenses shortly after. After OurMine took over their identities, it proceeded on taking down the NFL account.
These breaches have expanded the list of hapless victims this year, which include the Twitter accounts of Google's CEO Sundar Pichai, Twitter's very own Jack Dorsey, and Channing Tatum, among others. Several organizations such as BuzzFeed and Variety have suffered the same OurMine treatment. The group even claimed responsibility for a series of Pokémon GO server crashes.
OurMine Mission Statement
To mark its recent success, OurMine left its signature by way of an online business cards that stated: "Hey, it's OurMine. Don't worry we are just testing your security, contact us to tell you more about that." A Gmail address is helpfully provided. These posts have already been taken down by Netflix and Marvel, but you may be sure that the media have saved some screenshots for the sake of the curious. Even some social media users were able to capture the affair.
Fortunately, this team of online misfits is proving to be quite harmless thus far. After successfully taking over its victims' Twitter accounts, it does not do anything damaging, save for the customary gloating. While at it, the group often feels compelled to berate the hacked personalities or organizations for their weak security mechanisms. Its claim that it is behind the Pokémon GO server crashes is not yet proven.
A Band Of Young Hackers
Folks at TechCrunch was able to track OurMine, concluding that it is constituted by a band of youngsters, including a Saudi Arabian teen. They purportedly have a proclaimed a mission of exposing the security weaknesses of the social media accounts of those being followed by multitudes, possibly due to their influence.
No one knows what the actual modus operandi is, but there are speculations that OurMine must have poached passwords and account details from information dumps resulting from other cases of hacking.
Counter Measures
One should note that a simple password change will not address the OurMine problem. Take the case of Netflix. After the first message was posted, its social media team successfully deleted it. The response should already have entailed password replacement. Several OurMine messages, however, have been posted shortly thereafter, indicating a series of breaches.
Netflix have already confirmed that prior to the widely reported hacking, OurMine has already executed an attack successfully hours earlier.
Observers believe that the group was able to access the Twitter account anew through the previously authorized apps connected to Twitter. In this case, it is advised to disconnect these apps or at least those that are not needed.