Sophos Cloud Optix
Last Friday, in full glare of the world, Facebook admins suddenly found themselves in an unseemly struggle to wrestle back control of the company’s Twitter accounts from attackers that had defaced them.
Normally, these accounts trumpet new platform features or other assorted worthy accomplishments. But on Friday afternoon, a different type of tweet suddenly appeared:
Hi, we are OurMine
Well even Facebook is hackable but at least their security better than Twitter.
The now deleted message continues by offering the services of OurMine to anyone wanting to improve their account security.
The same group’s logo also appeared on Facebook’s Instagram account:
Facebook’s Instagram account also hacked into by OurMine.
Bad Times.
It reportedly took the admins around 30 minutes to retake control of the feed, with one observer recording how messages from the hijackers were posted, deleted, and reposted several times before Facebook’s admins gained the upper hand.
Weakest link
Despite some headlines suggesting otherwise, this may not have been a direct hack of Facebook’s Twitter account.
As with the recent OurMine attack on the US National Football League (NFL), it looks as if the tweets were posted via third-party marketing platform called Khoros that had access to the accounts.
Created in 2018 from the merger of two previous companies, Spredfast and Lithium, Khoros is a platform used by large companies to manage multiple social media accounts while analysing the impact of the campaigns they run.
Khoros hasn’t officially admitted its involvement, but it has disabled access after what it described as a “phishing attack that allowed a bad actor access to our platform.” And mobile access to the platform remains suspended while Khoros works “to align the recent security enhancements to our platform with the app.”
OurMine has a history of finding these sorts of weaknesses. Until recently, the group had been quiet since 2017, having earlier successfully hijacked the Twitter accounts of Wikipedia co-founder Jimmy Wales, Google CEO, Sundar Pichai, Facebook’s Mark Zuckerberg and even Twitter’s own co-founder, Jack Dorsey. Some of those were connected to link-shortening service, Bitly.
Before even reading the article:
“heh, amusingly meta…”
The linked vid furthered that sensation.
That said, I wish to offer an edit:
> Some of those were connected to link-shortening service, Bitly.
This article is a stub. You can help Naked Security by expanding it.:,)
However, if giving the article a mildly-truncated feel, punctuated by that sentence… was a clever allusion to the shortened links themselves:
“heh, amusingly meta“