Pow! Captain America and other Marvel heroes defeated by bad passwords

Captain America

The hacker group OurMine has turned its firepower on the Twitter accounts of some of our favorite heroes from the Marvel Comics universe, as well as Netflix.

Yesterday, the group hijacked Netflix’s twitter account and sent a message to the company’s 2.4 million followers about what it called the company’s lackluster security.

That was followed by another tweet where the group offered to test the accounts of others users.

OurMine’s targets included such Marvel superhero accounts as The Avengers, Dr. Strange, Captain America and Ant-man.

All hijacked accounts were used to tweet the same message:

Hey, it’s OurMine, Don’t worry we are just testing your security, contact us to tell you more about the hack [email address removed]

The tweets were eventually deleted, and a Marvel spokesperson said, “We’re investigating and taking immediate action to remedy the situation.”

OurMine has been known to hijack accounts to advertise security services.

The group started its Twitter account on March 31, 2015 and has also targeted the financial sector. It has been particularly active this year.

In October, the group set its sights on Buzzfeed, deleting and vandalizing articles and leaving the message “HACKED BY OURMINE” on its homepage.

In June, they took over social media accounts of Facebook CEO Mark Zuckerberg, claiming to have found his password by sifting through the password dump of stolen LinkedIn accounts from the month before.

OurMine’s blog claims credit for dozens of account hacks ranging from those owned by actress Lisa Schwartz to singer Janet Jackson, MasterCard’s MasterPass sign-up site and Wikipedia founder Jimmy Wales (whose OurMine hack we covered a few months ago).

In many of its hack announcements, OurMine urges people to upgrade their security by purchasing OurMine services.

“We have no bad intentions and only care about the security and privacy of your accounts and network… Not only will we give you access to all your accounts again, we will give you future security tips and assist you with securing your account to its maximum potential,” OurMine says on its website.

Wired previously reported that OurMine was in the habit of using passwords leaked in large-scale breaches to access other accounts where someone re-used the same password.

Which brings us to this piece of advice:

Never, ever reuse the same password for multiple accounts; upgrade the quality of your passwords and consider using a password manager.