OurMine hacks Marvel and Netflix Twitter accounts
Share on Facebook
Share on Twitter
Share on Google+
Share on Reddit
Share on Email

The hacked "Avengers" Twitter account at 12:09 EST, December 21. Image Credit: Twitter

The hacked "Avengers" Twitter account at 12:09 EST, December 21. Image Credit: Twitter

Once again, it insists it’s only doing it to make companies aware of their services

In what appears to be an ongoing hack against major brands and companies on Twitter, the “white hat” hacking group known as OurMine went after both Netflix and Marvel today. As of this writing, Netflix is back to normal, while Marvel is fighting for control over several accounts it runs.

Elsewhere on Twitter, multiple accounts appear to be retweeting a hacked Forbes story on the incidents.

The attackers posted multiple tweets on Netflix’s main (US) account, though Netflix and Twitter eventually regained control and deleted all the OurMine tweets within 40 minutes.

Twitter deleted the first hijacked tweet from Marvel in less than half an hour from @Avengers, a verified account for the Marvel-owned superhero franchise. (Followers joked that Amadeus Cho, a teenage genius within the comics universe, must actually be OurMine if he could hack The Avengers.)

A second Marvel-run Twitter, for “The Guardians of the Galaxy” movies, has also been hacked, as have @MarvelMusicInc, @Marvel, @Iron_Man, @CaptainAmerica, @AntMan, and @theblackpanther since this post first went up:

Image Credit: Twitter

Image Credit: Twitter

The hacks are still continuing, with a focus on Marvel for an as-yet undisclosed reason.

The Register speculates that the attack may have been the result of a lack of two factor-authentication, though that is not yet clear and OurMine has not yet outlined what flaw it exploited on its website. A representative told Mashable, though, that OurMine hacked the account of Netflix’s Director of Social Media, and from there got access to the main account.

OurMine has targeted other accounts before, such as Mark Zuckerberg’s Pinterest and Twitter pages, as well as Twitter’s own Jack Dorsey and websites like Wikipedia and BuzzFeed, the latter in protest over a report from the site that the group was the work of just one man.

Unlike other hacks, which have simply reiterated the need to hire them as consultants, this one carried a more obvious threat, with the group posting to the news site, “we have your database. Next time it will be public.”

OurMine says that it has at least four members, and wishes to remain anonymous, so none have been formally named as of this writing.

It is also unclear which, if any, organizations have taken up its offer to employ its services. The hackers offer social media and email account protection for $30 and $10, respectively, and $5,000 for corporate networks: Mic interviewed members of the group who said they’ve made several thousand dollars already.

Alongside Twitter, OurMine also appears to have gotten into Forbes:

 

Image Credit: Forbes

Image Credit: Forbes

Besides enabling verification on your social media and email accounts, good passwords (and updating passwords), users worried about this sort of hijacking should check their app permissions, as Hootsuite’s Twitter was not directly hacked by OurMine in the past, but via Foursquare. For companies, as outlined on CMS Wire, this means instructing employees in what to do, as well as bringing together the advertising/marketing aspects of the business with the cyber security staff to build a company-wide policy.

Share on:Share
Share on Facebook
Share on Twitter
Share on Google+
Share on Reddit
Share on Email

More Goodies From Security


Russia in talks with US to create cybersecurity working group

FBI warns parents: Internet-connected toys can spy on your kids

Your data may have crashed, but you don’t have to!