Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google CEO Sundar Pichai's Quora Account Hacked (thenextweb.com)

Posted by msmash on from the another-day,-another-hack dept.

Google CEO Sundar Pichai is the latest high-profile victim of a hacking group called OurMine. Earlier today, the group managed to get hold of Pichai's Quota account, which in turn, gave them access to his Twitter feed as well. In a statement to The Next Web, the group said that their intention is to just test people's security, and that they never change the victim's passwords. Looking at the comments they left after hacking Pichai's account, it is also clear that OurMine is promoting its security services. The same group recently also hacked Facebook CEO Mark Zuckerberg's Twitter and Pinterest accounts.

8 of 24 comments (clear)

  1. Quora? Quota? by Anonymous Coward · · Score: 1

    Which is it, Quora (title) or Quota (summary)?

  2. Just look at his quora questions: by Anonymous Coward · · Score: 2, Funny

    How do I CEO?

    How can I make employees work for less money?

    Should I buy nest thermometer?

    How to stop Google(tm) from blocking furry porn image search?

  3. Not Just IT Power Players by GTRacer · · Score: 1

    Ahhh I get it now. A few days ago, I saw weird messages from Ree Drummond, aka The Pioneer Woman. There were OurMine links in them (which I avoided).

    These guys sure are finding their way into a lot of accounts!

    --
    Defending IP by destroying access to it? That makes sense, RIAA/MPAA. Go to the corner until you can play nice!
  4. Re:Huh? by AmiMoJo · · Score: 1

    Also, why doesn't Twitter support RFC 6238 for time based passwords, aka two factor authentication? They only support SMS, which can be expensive if you travel and means you have to give them your phone number.

    Come on Twitter, it's 2016.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  5. Show me something... by swillden · · Score: 1

    If OurMine really wants to show its capability, it should hack Google accounts (Gmail / YouTube / G+, etc.). Thanks to all of the additional signals Google uses (even without 2FA), those are much tougher to get into.

    So far it just seems to be demonstrating that (a) accounts protected only by a password aren't very secure and (b) this is especially true of social media accounts, which most people don't see as important enough to justify using a particularly good password.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    1. Re:Show me something... by swillden · · Score: 1

      It is good to use 2FA but it isn't a security panacea. There are hacking teams that have broken it by calling up Verizon and claiming they're you, and then performing an sms password reset.

      Which is a good reason not to use SMS-based 2FA. Use the Google Authenticator app, or a Yubikey... or even a printed list of pre-generated codes.

      But 2FA is only one line of defense implemented by Google. There are a lot of behavioral signals as well, making Google accounts significantly harder to break into even without 2FA.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  6. This shows... by shumacher · · Score: 1

    ...that connecting sites, and allowing one site to post to another, increases your attack surface. It also shows that a failure to police these connections can increase risk as older services become "stale."

    Twitter, Facebook, et al should introduce security tools to help remind users. "Hey, you haven't used "Cartoon your face" in two years. Would you like to disable access to your account? You can always change it back later."

  7. Quora ? Quota ? by axis_omega · · Score: 1

    Please edit article link or title the two are probably not the same...

    --
    It's funny how I make sense to others and not myself...