When hacker group OurMine said it gained access to Jack Dorsey’s Dropbox account, the hackers boasted proof that the Twitter CEO could see users’ Vine passwords. Twitter acquired Vine in 2012.
“We hacked Jack’s Dropbox and we found all Vine files, including [a] picture of the control panel of Vine,” OurMine claims in an update.
An image of the purported Vine control panel was also posted on OurMine’s website, suggesting that people from Twitter could easily pry open an account and take over.
The hacker group claims that those “who have access to the panel can see private information about people and their passwords!!”
Twitter: ‘We Never Show Passwords’
In an email to VentureBeat, a Twitter spokesperson denied the accusations.
“Our Vine admin site is restricted to Twitter IPs, is HTTPs, and never shows passwords in any form,” the representative writes. “We securely store our passwords per industry best practices.”
Neither is the image of the control panel accurate, the spokesperson claims.
OurMine: ‘Passwords Should Be Encrypted’
Posts from OurMine, about taking over another CEO’s account yet again, are nothing new. In fact, the group’s website is populated with screenshots allegedly taken of hacked accounts. Their control panels lay open, of course, for OurMine to start posting tweets on behalf of its victim.
The hijacking of Dorsey’s account is another reminder for everyone to take account security and password creation seriously. Even OurMine suggests this very idea.
“Passwords should be encrypted,” the hacker group recommends. “No need to show it for support team; be safe guys.”
OurMine continues to lodge privacy attacks against the biggest names in the tech industry and across multiple platforms. Dorsey is only the latest to fall prey to these attacks.
Other victims include Facebook’s Mark Zuckerberg, Google’s Sundar Pichai and Yahoo’s Marissa Mayer. Websites where the hackers had taken over include Pinterest, Quora and, of course, Twitter.
People from Quora maintain that the takeover of Pichai’s account was not because of any vulnerability in Quora’s system but because OurMine “exploited previous password leaks on other services.”
In the case of Zuckerberg, for instance, his account credentials were taken from the LinkedIn security breach.
Many have pointed out that OurMine’s underlying motive for the attacks is to sell its own data protection services and, in the process, it often taunts its victims by saying, “his security was really weak.”
To drive home the point, OurMine says, it is “going to hack more!”
9 July 2016