Google CEO Sundar Pichai's Quora Account Hacked (thenextweb.com)

← Back to Stories (view on slashdot.org)

Google CEO Sundar Pichai's Quora Account Hacked (thenextweb.com)

Posted by msmash on Monday June 27, 2016 @04:40AM from the another-day,-another-hack dept.

Google CEO Sundar Pichai is the latest high-profile victim of a hacking group called OurMine. Earlier today, the group managed to get hold of Pichai's Quota account, which in turn, gave them access to his Twitter feed as well. In a statement to The Next Web, the group said that their intention is to just test people's security, and that they never change the victim's passwords. Looking at the comments they left after hacking Pichai's account, it is also clear that OurMine is promoting its security services. The same group recently also hacked Facebook CEO Mark Zuckerberg's Twitter and Pinterest accounts.

24 comments

Min score:

Reason:

Sort:

schadenfreude by Anonymous Coward · 2016-06-27 04:46 · Score: 0

... reigns :)
Quora still kicking? by Anonymous Coward · 2016-06-27 04:51 · Score: 0

I'm always amused when I hear about Quora. I guess when you've raised an absurd amount of money you can last a long time. Have the people working there ventured out of Facebook onto the wild west of the web yet? That's what it seems like, a web site built by people who have never used the web.
Personally, I got so fed up with their B.S. I mapped quora.com to 127.0.0.1 so their site frustrates me no longer. I wish them the best of luck.
1. Re:Quora still kicking? by ArchieBunker · 2016-06-27 05:10 · Score: 0
  
  I kept having Quora turn up in my search results and it looked like a newer version of Yahoo Answers. It's now in my personal blocklist.
  
  --
  Only the State obtains its revenue by coercion. - Murray Rothbard
Quora? Quota? by Anonymous Coward · 2016-06-27 04:52 · Score: 1

Which is it, Quora (title) or Quota (summary)?
1. Re:Quora? Quota? by Anonymous Coward · 2016-06-27 04:58 · Score: 0
  
  Which is it Editor? Ediror?
Just look at his quora questions: by Anonymous Coward · 2016-06-27 04:52 · Score: 2, Funny

How do I CEO?
How can I make employees work for less money?
Should I buy nest thermometer?
How to stop Google(tm) from blocking furry porn image search?
1. Re:Just look at his quora questions: by Anonymous Coward · 2016-06-27 05:41 · Score: 0
  
  How do I CEO?
  Sorry, you can't CEO. But EO can CU.
2. Re:Just look at his quora questions: by Anonymous Coward · 2016-06-27 06:51 · Score: 0
  
  EIEIO
  - Old MacDonald
Wrong thenextweb story by Anonymous Coward · 2016-06-27 04:53 · Score: 0

http://thenextweb.com/insider/2016/01/28/how-the-fbi-became-the-worlds-largest-distributor-of-child-sex-abuse-imagery/
it wuz teh haxx! by Anonymous Coward · 2016-06-27 04:55 · Score: 0

Let's invoke the unknowable for grate informashiun... or not.
Huh? by Anonymous Coward · 2016-06-27 04:56 · Score: 0

From the Fine Article:

The group also noted that it managed to break into Pichai’s account by exploiting a vulnerability in Quora’s platform – one that it claims to have reported to the company, with no response.
Naturally, if you’re on Quora, you’ll want to change your password right away and make sure it isn’t the same as what you for other services.
So, I understand why you would want to make sure your Quora password is different from other passwords, but what is the point of changing your password on a vulnerable system? Maybe once the vulnerability is fixed... but right away?
1. Re:Huh? by AmiMoJo · 2016-06-27 05:06 · Score: 1
  
  Also, why doesn't Twitter support RFC 6238 for time based passwords, aka two factor authentication? They only support SMS, which can be expensive if you travel and means you have to give them your phone number.
  Come on Twitter, it's 2016.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Not Just IT Power Players by GTRacer · 2016-06-27 05:05 · Score: 1

Ahhh I get it now. A few days ago, I saw weird messages from Ree Drummond, aka The Pioneer Woman. There were OurMine links in them (which I avoided).

These guys sure are finding their way into a lot of accounts!

--
Defending IP by destroying access to it? That makes sense, RIAA/MPAA. Go to the corner until you can play nice!
Real issue is that he has a Quora account by Anonymous Coward · 2016-06-27 05:08 · Score: 0

Quora is the worst.
1. Re: Real issue is that he has a Quora account by Anonymous Coward · 2016-06-27 08:00 · Score: 0
  
  Quora was made by former Facebooker who blew the whistle on Facebook's NSLs
Quora? Quota? Which is it? by Anonymous Coward · 2016-06-27 05:24 · Score: 0

Quora? Quota? Which is it?
Show me something... by swillden · 2016-06-27 05:55 · Score: 1

If OurMine really wants to show its capability, it should hack Google accounts (Gmail / YouTube / G+, etc.). Thanks to all of the additional signals Google uses (even without 2FA), those are much tougher to get into.
So far it just seems to be demonstrating that (a) accounts protected only by a password aren't very secure and (b) this is especially true of social media accounts, which most people don't see as important enough to justify using a particularly good password.

--
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
1. Re:Show me something... by Anonymous Coward · 2016-06-27 07:38 · Score: 0
  
  It is good to use 2FA but it isn't a security panacea. There are hacking teams that have broken it by calling up Verizon and claiming they're you, and then performing an sms password reset.
2. Re:Show me something... by swillden · 2016-06-27 14:45 · Score: 1
  
  It is good to use 2FA but it isn't a security panacea. There are hacking teams that have broken it by calling up Verizon and claiming they're you, and then performing an sms password reset.
  Which is a good reason not to use SMS-based 2FA. Use the Google Authenticator app, or a Yubikey... or even a printed list of pre-generated codes.
  But 2FA is only one line of defense implemented by Google. There are a lot of behavioral signals as well, making Google accounts significantly harder to break into even without 2FA.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
This shows... by shumacher · 2016-06-27 06:08 · Score: 1

...that connecting sites, and allowing one site to post to another, increases your attack surface. It also shows that a failure to police these connections can increase risk as older services become "stale."
Twitter, Facebook, et al should introduce security tools to help remind users. "Hey, you haven't used "Cartoon your face" in two years. Would you like to disable access to your account? You can always change it back later."
Quora ? Quota ? by axis_omega · 2016-06-27 06:13 · Score: 1

Please edit article link or title the two are probably not the same...

--
It's funny how I make sense to others and not myself...
Hmmm by Anonymous Coward · 2016-06-27 07:57 · Score: 0

dadada?
Jeff Goldblum? by Anonymous Coward · 2016-06-27 11:23 · Score: 0

Is it just me or does this guy look like an Indian version of Jeff Goldblum?