Pierluigi Paganini November 16, 2016

For the second time this year, the hacker group OurMine breached one of the online accounts of the Facebook CEO Mark Zuckerberg.

For the second time, this year hackers seems to have breached the Facebook CEO Mark Zuckerberg. The notorious hacking group known as OurMine has claimed credit for hacking Mark Zuckerberg’s online accounts.

The news was reported by  Zack Whittaker from Zero Day who was contacted by the notorious group of hackers. OurMine told Whittaker they had hacked the Zuckerberg’s Pinterest account, the hacker changed the tagline and published the group’s web address. At the time I was writing the situation has been restored to the normal.

“Don’t worry, we are just testing your security.” displayed the defaced Zuckerberg’s Pinterest account.

The group did not provide further information about the attack, they only clarified to haven’t used data from leaked databases.

The group admitted having exploited a flaw in Pinterest but avoided to reveal it.

“When pressed, the group said that it has “a exploit on Pinterest” but didn’t say how. The last time it said that it had exploited a platform, it turned out to be a fake.” wrote Whittaker.

The OurMine hacker group targeted many other high-profile users, the list of victims is very long and include names like Mark Zuckerberg, Twitter co-founder Evan Williams, David Guetta Daniel Ek, former Twitter CEO Dick Costolo, the CEO and founder of Spotify, Google CEO Sundar Pichai, and many others.

Which is the motivation?

It seems that the OurMine group is linked to a Security Firm that is trying to obtain notoriety from the attacks and is offering its services to the targets, that evidently need them to avoid further incidents.

One of the messages posted by the group states:

“We are just testing people security (sic), we never change their passwords, we did it because there is other hackers can hack them and change everything.”

Whittaker revealed that hackers also emailed his Zuckerberg’s username, and his password for his Twitter account. The OurMine group confirmed that Zuckerberg had enabled two-factor authentication after they hacked it for the first time.

The hackers disclosed more information, for example, they said the phone number associated with the account ended in “86”, while the current Twitter password was Zuckerberg’s former personal Gmail password, which was changed six months ago.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Sundar Pichai, OurMine Team)