This week, Buzzfeed joined a long list of high-profile victims, ranging from Mark Zuckerberg to Channing Tatum to Twitter CEO Jack Dorsey, to be hacked by the OurMine group.
BuzzFeed’s travails began when it reported on OurMine earlier in the week. The gist of the story:
[OurMine] looks like the brainchild of a soccer-obsessed high school student… while OurMine comprises an unknown number of hackers, BuzzFeed News can confirm that one of the OurMine crew is likely a young man living in Saudi Arabia who goes by the name ‘Ahmad Makki’ on social media.
OurMine’s denial was presented in the BuzzFeed story, which quoted the organization’s official email, as follows:
Nope a lot of people thought he is a member of OurMine, but he is just a fan, for this reason people thought we are from saudi arabia, we are not.
But that didn’t make sufficient noise for the group. According to Wired, OurMine hacked into BuzzFeed on Wednesday, caused havoc by deleting and vandalizing articles, and left the message “HACKED BY OURMINE” emblazoned on the homepage, with an advert for the group’s website, Ourmine.org.
The attack was much like others carried out by OurMine, with one article edited to read, ‘Hacked by OurMine team, don’t share fake news about us again, we have your database. Next time it will be public. Don’t f*@k with OurMine again.’
On OurMine’s blog, the organization took credit, showing BuzzFeed’s own tweets about the attack, and commenting:
Why we hacked it? Alright, yesterday Buzzfeed Created a post that we are only 1 member called Ahmed Makki, and we can confirm that we don’t Have a member called ‘Ahmed Makki ‘ and we are now 4 we were 3 but someone joined, and we hacked it because they are reporting fake news about us.
OurMine’s blog takes credit for dozens of recent hacks ranging from actress Lisa Schwartz to singer Janet Jackson, MasterCard’s MasterPass sign-up site to Wikipedia founder Jimmy Wales (whose OurMine hack we covered a few months ago).
In many of its hack announcements, OurMine encourages readers to upgrade their own security by purchasing services from OurMine. Its site’s promise:
We have no bad intentions and only care about the security and privacy of your accounts and network… Not only will we give you access to all your accounts again, we will give you future security tips and assist you with securing your account to its maximum potential.
Last we checked, BuzzFeed had managed to restore its original article, but some of the other defaced articles were still down. Meanwhile, neither BuzzFeed nor OurMine has publicly discussed how the breach occurred. Wired notes that OurMine has sometimes “used passwords leaked in large-scale breaches to access other accounts where someone re-used the same password.”
And if you’re curious whether you’ve been caught in one of those large-scale breaches… well, by now, you probably have, but the folks at haveibeenpwned.com have been trying to keep track, so see for yourself.Follow @NakedSecurity