They removed the article, but there is still a post on their front page: https://techcrunch.com/
This the version googled has cached:
https://webcache.googleusercontent.com/search?q=cache:JP0ef1CueKYJ:https://techcrunch.com/2016/07/26/ourmine-team-important-message/+&cd=3&hl=en&ct=clnk&gl=uk
I have been following the recent hacks by the OurMine group, and find it all fascinating.
If anyone knows more about the group, their motives and how they actually manage to compromise various high profile social media accounts and websites, please do share it here.
>I have been following the recent hacks by the OurMine group, and find it all fascinating.
Just some kids using someone elses tools to search through someone elses database collection. In this case the compromised journos password appears to have been "camus8" or "albertcamus8".
Seems to be done with a mix of compromised (reused) credentials and social engineering. Social media accounts in particular are quite vulnerable to social engineering since they are often tied to mobile devices and it's fairly easy to contact a network operator and set up a forwarding number or request a new SIM card etc which completely bypasses most 2FA solutions.
According to their website [1], they seem to be trying to establish a reputation for pentesting social-media and websites. What better way to garner interest than by hacking a couple major companies?
What I don't understand is how they think these "marketing" tactics will establish anything but a negative reputation for their brand. Seems to me like they are happily waving a massive red flag that says, "we break the law all the time and can't be trusted!"
The way the article is written, the writers can't seem to be able to get handle on why they hack the places they do and if they're black hats or white hats.
> But OurMine does offer some real security lessons, free of charge: Don’t reuse passwords between sites, set up two-factor authentication, and be aware that linking accounts can lead to unexpected security risks. Your Twitter account, as OurMine has successfully taught Sunder Pichai free of charge, is only as secure as the least-secure account that can post to it.
you say nothing to see here, but compromising high traffic sites with great potential for malware delivery to a large number of users shouldn't be a de-rigeur thing...
The fact that this has become the norm. should be a cause for concern.
The most popular method at the moment seems to be SEing phone companies into transferring the account to a phone owned by the attacker, therefore bypassing 2FA.
