Wikipedia co-founder Jimmy Wales’ Twitter account hijacked

23 Aug 2016 · Tags: 2-factor Authentication, Celebrities, Hacked, Twitter

by Lisa Vaas

Wikipedia co-founder Jimmy Wales has joined the celebrity list nobody wants to be on, the list of hijacked Twitter accounts.

On Saturday, his verified account tweeted out a rather premature message about Wales’ demise: “RIP Jimmy Wales, 1966 – 2016.”

Within the hour, as people started to wonder about Wales’ whereabouts and whether they should take the message seriously, the hijacked account followed with a new tweet that read…

I confirm that Wikipedia is all lies, OurMine Team is the true

… along with a link to a website displaying the group’s logo and an ad for social media security services.

Wales regained access to his account later on Saturday, and the tweets were deleted.

But according to Mashable, in addition to the fake messages-cum-marketing, Wales’ Twitter bio had been changed to read “hacked by OurMine.”

This isn’t the first we’ve heard of OurMine. In June, somebody or somebodies going by that name hijacked the Twitter and Pinterest feeds of Mr. Social Media himself, Mark Zuckerberg.

Whoever OurMine is, they boasted about allegedly having found Zuck’s password – the worryingly simple “dadada” – by sifting through the recent password dump of stolen LinkedIn accounts.

As Quartz reports, nobody in the hacking world seems to like OurMine, which relishes hacking high-profile accounts at random, boasting about the attacks, and asking followers for future targets.

It’s been connected to hijackings of Twitter feeds belonging to Twitter co-founder Evan Williams, Google CEO Sundar Pichai and Twitter co-founder and CEO Jack Dorsey.

Other high-profile users who’ve seen their Twitter accounts whisked out from under their noses, not necessarily by OurMine, include Sarah Silverman, NASA (those weren’t your typical moon shots!), Tesla and Elon Musk (with the hijackers offering free cars), a teacher who unwittingly got turned into a porn star, Twitter CFO Anthony Noto, and Black Lives Matter activist DeRay Mckesson, whom the account kidnappers turned into a Donald Trump supporter, to name just a few.

Twitter’s ongoing war to clean up its dark underbelly

Besides account hijackings, Twitter has an abuse and troll problem, and it’s been going on for quite a while.

In February 2015, then-CEO Dick Costolo admitted that Twitter “sucked” at dealing with abuse and trolls.

The company’s done a lot of work to clean up its act, and the work continues. Last week, it said that it had taken down 235,000 terrorist accounts, for one thing.

It also announced that it was rolling out two new features to “give you more control over what you see and who you interact with on Twitter.”

According to Twitter product manager Emil Leong, a new “quality filter” can improve the quality of tweets you see “by using a variety of signals, such as account origin and behavior.”

Also, new notifications settings now give users the ability to limit notifications to only people they follow on mobile and on Twitter.

In a blog post, Leong said that starting last Thursday, the new, optional Quality Filter will sift out lower-quality content, like duplicate tweets or content that appears to be automated, from notifications and other parts of Twitter.

How do attackers get our Twitter accounts?

As far as the hijackings are concerned, there are many ways that these accounts could have been taken over. Likely suspects include:

Password reuse. This is why we urge you not to reuse passwords on different sites: if one of those sites gets breached, crooks can use the same login to get into wherever else you’ve used it. They can get into your social media accounts to embarrass you, get access to your contacts, commit identity theft, and drain your banking accounts, while they’re at it.

It’s really a bad idea to use a password twice, and here’s why.

Willy-nilly clicking on links in email is another way to get into trouble. Phishing might sound old-school, but some of the true classics are still extremely successful. In fact, a study from Google and the University of California, San Diego, found that there are some phishing sites that are so convincing, they work on an eye-popping 45% of visitors.

Bad password etiquette. Perhaps a staffer gave the password away to someone, or maybe it was the name of somebody’s pet?
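
A service-side view of the password-reuse risk above, as an added example that is not part of the original article: it screens a newly chosen password against a breach corpus using SHA-1 prefix buckets, so a remote lookup would only ever see the first five hash characters. The corpus contents, the function names and the 12-character minimum are assumptions made for the example.

```python
import hashlib
from collections import defaultdict

# Constructed sample standing in for a leaked-password corpus. "dadada" is the
# password the article mentions; the other entries are made up for the demo.
CONSTRUCTED_LEAK = ["dadada", "123456", "dadada", "linkedin2012", "password1"]

PREFIX_LEN = 5  # hex characters of the SHA-1 digest used as the bucket key


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_index(leaked):
    """Bucket leaked-password hashes by prefix: {prefix: {suffix: times_seen}}."""
    index = defaultdict(dict)
    for pw in leaked:
        digest = sha1_hex(pw)
        bucket = index[digest[:PREFIX_LEN]]
        suffix = digest[PREFIX_LEN:]
        bucket[suffix] = bucket.get(suffix, 0) + 1
    return index


def fetch_bucket(index, prefix):
    """Stand-in for a remote range lookup: only the short prefix is sent."""
    return index.get(prefix, {})


def breach_count(password, index):
    digest = sha1_hex(password)
    bucket = fetch_bucket(index, digest[:PREFIX_LEN])
    return bucket.get(digest[PREFIX_LEN:], 0)  # suffix is compared locally


def screen_new_password(password, index, min_length=12):
    """Return (accepted, reason) for a password chosen at signup or reset."""
    hits = breach_count(password, index)
    if hits:
        return False, f"seen {hits} time(s) in breach data"
    if len(password) < min_length:  # assumed policy value, not from the article
        return False, "too short"
    return True, "ok"


INDEX = build_index(CONSTRUCTED_LEAK)

if __name__ == "__main__":
    for candidate in ["dadada", "linkedin2012", "orbit-walnut-trellis-47"]:
        print(candidate, screen_new_password(candidate, INDEX))
```

Rejecting a password because it already appears in breach data blocks the reuse case even when the password would pass a length or complexity rule, as "linkedin2012" does here.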

How to protect against account hijacking

Enabling multifactor authentication – what Twitter refers to as login verification – should help defend against account hijackings. If you haven’t yet set it up for your Twitter account, why not do it today?

Use a strong, unique password. Here’s how to cook one up:

(No video? Watch on YouTube. No audio? Click on the [CC] icon for subtitles.)

One comment on “Wikipedia co-founder Jimmy Wales’ Twitter account hijacked”

  1. Tom says:
    August 23, 2016 at 1:19 pm

    Of course how many times has a Wikipedia biography falsely reported someone as deceased or the incorrect date of birth? Wikipedia is a wonderful resource, but it’s always good to check a second resource. I wish Wikipedia had not “banned” the blatantly silly entries from its early days, they usually gave me a chuckle.
