Famous tech site, TechCrunch became the latest victim of hacker group, OurMine.
The group describes itself as ‘an elite hacker group known for many hacks showing vulnerabilities in major systems’. For quite some time they’ve been famous for compromising high profile celebrity Twitter accounts and the DDoS-ing of hot properties like Pokemon Go.
OurMine Security gained publishing access to Verizon-owned site, which uses the popular content management system Wordpress, and posted its now infamous message. Rather than completely defacing the site, OurMine chose instead to simply post a news story to indicate that the CMS had been breached.
The group said that it hacked the site to check its security. A post on the site under the byline of Seattle-based writer Devin Coldewey said: “Hello Guys, don’t worry we are just testing techcrunch security, we didn’t change any passwords, please contact us.” The story appeared at the top of TechCrunch with a big, highly-noticeable red banner.
The OurMine posting appeared at around 5:10 pm but was removed within two hours. It was still showing in Google’s index and cache at the time of writing. It did not take TechCrunch long to notice and remove the story.
Multi-factor authentication is the ground level security for any news organization. TechCrunch admits that re-used passwords must have been instrumental to this hack. Sharing passwords between sites and services is the worst.
The group describes itself as ‘an elite hacker group known for many hacks showing vulnerabilities in major systems’. For quite some time they’ve been famous for compromising high profile celebrity Twitter accounts and the DDoS-ing of hot properties like Pokemon Go.
OurMine Security gained publishing access to Verizon-owned site, which uses the popular content management system Wordpress, and posted its now infamous message. Rather than completely defacing the site, OurMine chose instead to simply post a news story to indicate that the CMS had been breached.
The group said that it hacked the site to check its security. A post on the site under the byline of Seattle-based writer Devin Coldewey said: “Hello Guys, don’t worry we are just testing techcrunch security, we didn’t change any passwords, please contact us.” The story appeared at the top of TechCrunch with a big, highly-noticeable red banner.
The OurMine posting appeared at around 5:10 pm but was removed within two hours. It was still showing in Google’s index and cache at the time of writing. It did not take TechCrunch long to notice and remove the story.
Multi-factor authentication is the ground level security for any news organization. TechCrunch admits that re-used passwords must have been instrumental to this hack. Sharing passwords between sites and services is the worst.