Naked Security

Wikipedia co-founder Jimmy Wales’ Twitter account hijacked

23 Aug 2016 | 2-factor Authentication, Celebrities, Hacked, Twitter

by Lisa Vaas
Wikipedia co-founder Jimmy Wales has joined the celebrity list nobody wants to be on, the list of hijacked Twitter accounts.

On Saturday, his verified account tweeted out a rather premature message about Wales’ demise: “RIP Jimmy Wales, 1966 – 2016.”

Within the hour, as people started to wonder about Wales’ whereabouts and whether they should take the message seriously, the hijacked account followed with a new tweet that read…

I confirm that Wikipedia is all lies, OurMine Team is the true

… along with a link to a website displaying the group’s logo and an ad for social media security services.

Wales regained access to his account later on Saturday, and the tweets were deleted.

But according to Mashable, in addition to the fake messages-cum-marketing, Wales’ Twitter bio had been changed to read “hacked by OurMine.”

This isn’t the first we’ve heard of OurMine. In June, somebody or somebodies going by that name hijacked the Twitter and Pinterest feeds of Mr. Social Media himself, Mark Zuckerberg.

Whoever OurMine is, they boasted about allegedly having found Zuck’s password – the worryingly simple “dadada” – by sifting through the recent password dump of stolen LinkedIn accounts.

As Quartz reports, nobody in the hacking world seems to like OurMine, which relishes hacking high-profile accounts at random, boasting about the attacks, and asking followers for future targets.

It’s been connected to hijackings of Twitter feeds belonging to Twitter co-founder Evan Williams, Google CEO Sundar Pichai and Twitter co-founder and CEO Jack Dorsey.

Other high-profile users who’ve seen their Twitter accounts whisked out from under their noses, not necessarily by OurMine, include Sarah Silverman, NASA (those weren’t your typical moon shots!), Tesla and Elon Musk (with the hijackers offering free cars), a teacher who unwittingly got turned into a porn star, Twitter CFO Anthony Noto, and Black Lives Matter activist DeRay Mckesson, whom the account kidnappers turned into a Donald Trump supporter, to name just a few.

Twitter’s ongoing war to clean up its dark underbelly

Besides account hijackings, Twitter has an abuse and troll problem, and it’s been going on for quite a while.

In February 2015, then-CEO Dick Costolo admitted that Twitter “sucked” at dealing with abuse and trolls.

The company’s done a lot of work to clean up its act, and the work continues. Last week, it said that it had taken down 235,000 terrorist accounts, for one thing.

It also announced that it was rolling out two new features to “give you more control over what you see and who you interact with on Twitter.”

According to Twitter product manager Emil Leong, a new “quality filter” can improve the quality of tweets you see “by using a variety of signals, such as account origin and behavior.”

Also, new notifications settings now give users the ability to limit notifications to only people they follow on mobile and on Twitter.

In a blog post, Leong said that starting last Thursday, the new, optional Quality Filter will sift out lower-quality content, like duplicate tweets or content that appears to be automated, from notifications and other parts of Twitter.

How do attackers get our Twitter accounts?

As far as the hijackings are concerned, there are many ways that these accounts could have been taken over. Likely suspects include:

Password reuse. This is why we urge you not to reuse passwords on different sites: if one of those sites gets breached, crooks can use the same login to get into wherever else you’ve used it. They can get into your social media accounts to embarrass you, get access to your contacts, commit identity theft, and drain your banking accounts, while they’re at it.

It’s really a bad idea to use a password twice, and here’s why.

Willy-nilly clicking on links in email is another way to get into trouble. Phishing might sound old-school, but some of the true classics are still extremely successful. In fact, a study from Google and the University of California, San Diego, found that there are some phishing sites that are so convincing, they work on an eye-popping 45% of visitors.

Bad password etiquette. Perhaps a staffer gave the password away to someone, or maybe it was the name of somebody’s pet?
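
An added example (not from the original article) of how a site can act on the password-reuse risk described above: a new password is checked against a breach corpus with a prefix-range lookup, modelled on the k-anonymity scheme used by the Pwned Passwords service. The sample corpus, the function names and the in-process `range_query` are constructed for illustration; a real deployment would send the prefix to a breach-data service instead.

```python
import hashlib

# Constructed stand-in for a leaked password dump (not real breach data).
# "dadada" is the password the article says turned up in the LinkedIn dump.
BREACHED_SAMPLE = ["dadada", "password1", "dadada", "letmein", "dadada"]


def sha1_hex(password):
    # SHA-1 is used here only as the lookup key of the range scheme,
    # never as a way to store passwords.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(passwords):
    """Server side: group breach hashes as {5-char prefix: {suffix: count}}."""
    index = {}
    for pw in passwords:
        digest = sha1_hex(pw)
        bucket = index.setdefault(digest[:5], {})
        bucket[digest[5:]] = bucket.get(digest[5:], 0) + 1
    return index


INDEX = build_range_index(BREACHED_SAMPLE)


def range_query(prefix):
    """Server side: answer with 'SUFFIX:COUNT' lines for one prefix only."""
    bucket = INDEX.get(prefix.upper(), {})
    return "\n".join(f"{s}:{c}" for s, c in sorted(bucket.items()))


def breach_count(password, query=range_query):
    """Client side: reveal only the 5-char prefix, match the suffix locally."""
    digest = sha1_hex(password)
    for line in query(digest[:5]).splitlines():
        suffix, _, count = line.partition(":")
        if suffix == digest[5:]:
            return int(count)
    return 0


def accept_new_password(password, query=range_query):
    """Signup/reset policy: refuse anything already seen in a breach."""
    return breach_count(password, query) == 0


if __name__ == "__main__":
    for candidate in ("dadada", "letmein", "plum-Quartz-97-harbor"):
        print(candidate, breach_count(candidate), accept_new_password(candidate))
```

Because only the five-character hash prefix leaves the client, the lookup service never learns which password was being tested.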

How to protect against account hijacking

Enabling multifactor authentication – what Twitter refers to as login verification – should help defend against account hijackings. If you haven’t yet set it up for your Twitter account, why not do it today?

Use a strong, unique password. Here’s how to cook one up:

(Video; watch on YouTube.)

About the author

Lisa Vaas

Lisa has been writing about technology, careers, science and health since 1995. She rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash and joined the freelancer economy. Alongside Naked Security Lisa has written for CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output.

One comment on “Wikipedia co-founder Jimmy Wales’ Twitter account hijacked”

  1. Tom says:
    August 23, 2016 at 1:19 pm

    Of course how many times has a Wikipedia biography falsely reported someone as deceased or the incorrect date of birth? Wikipedia is a wonderful resource, but it’s always good to check a second resource. I wish Wikipedia had not “banned” the blatantly silly entries from its early days, they usually gave me a chuckle.
