Facebook’s Twitter and Instagram accounts hijacked

11 Feb 2020 2 Facebook, Social networks, Twitter

by John E Dunn

Last Friday, in the full glare of the world, Facebook admins suddenly found themselves in an unseemly struggle to wrestle back control of the company’s Twitter accounts from attackers who had defaced them.

Normally, these accounts trumpet new platform features or other assorted worthy accomplishments. But on Friday afternoon, a different type of tweet suddenly appeared:

Hi, we are OurMine

Well even Facebook is hackable but at least their security better than Twitter.

The now deleted message continues by offering the services of OurMine to anyone wanting to improve their account security.

The same group’s logo also appeared on Facebook’s Instagram account:

Facebook’s Instagram account also hacked into by OurMine.

Bad Times.

It reportedly took the admins around 30 minutes to retake control of the feed, with one observer recording how messages from the hijackers were posted, deleted, and reposted several times before Facebook’s admins gained the upper hand.

Weakest link

Despite some headlines suggesting otherwise, this may not have been a direct hack of Facebook’s Twitter account.

As with the recent OurMine attack on the US National Football League (NFL), it looks as if the tweets were posted via a third-party marketing platform called Khoros that had access to the accounts.

Created in 2018 from the merger of two previous companies, Spredfast and Lithium, Khoros is a platform used by large companies to manage multiple social media accounts while analysing the impact of the campaigns they run.

Khoros hasn’t officially admitted its involvement, but it has disabled access after what it described as a “phishing attack that allowed a bad actor access to our platform.” And mobile access to the platform remains suspended while Khoros works “to align the recent security enhancements to our platform with the app.”

OurMine has a history of finding these sorts of weaknesses. Until recently, the group had been quiet since 2017, having earlier successfully hijacked the Twitter accounts of Wikipedia co-founder Jimmy Wales, Google CEO Sundar Pichai, Facebook’s Mark Zuckerberg and even Twitter’s own co-founder, Jack Dorsey. Some of those were connected to link-shortening service, Bitly.

2 comments on “Facebook’s Twitter and Instagram accounts hijacked”

  1. Bryan says:
    February 11, 2020 at 9:01 pm

    Before even reading the article:
    “heh, amusingly meta…”
    The linked vid furthered that sensation.

    That said, I wish to offer an edit:
    > Some of those were connected to link-shortening service, Bitly.
    This article is a stub. You can help Naked Security by expanding it.
    :,)

    • Bryan says:
      February 12, 2020 at 1:17 am

      However, if giving the article a mildly-truncated feel, punctuated by that sentence… was a clever allusion to the shortened links themselves:
      “heh, amusingly meta”
