Slashdot Mirror

← Back to Stories (view on slashdot.org)

Yahoo and Twitter CEOs Have Their Twitter Accounts Compromised

Posted by EditorDavid on from the tweet-revenge dept.

The man who sent Twitter's very first public tweet now also becomes the first Twitter CEO to have his own Twitter account compromised. An anonymous reader quotes a report from Digital Trends about this weekend's wave of high-profile attacks: At 2:50 a.m. ET, a tweet reading, "Hey, its OurMine, we are testing your security" and linking to the group's website was briefly posted, and while it was soon deleted, identical tweets continued to appear... The group has previously taken over other social media accounts, including Google's Sundar Pichai's Quora account, and Mark Zuckerberg's Instagram, LinkedIn, Pinterest, and Twitter accounts...

Dorsey also wasn't the only tech heavy hitter whose Twitter account was breached during that 24-hour period. Yahoo CEO Marissa Mayer and venture capitalist Vinod Khosla also saw breaches to their accounts, both of which were attributed to OurMine.
The Tweets may have come from Vine, according to Digital Trends, "which suggests that Dorsey was either using an old or shared password on the video network, or had otherwise connected his account to a compromised service...it's certainly alarming that a man who ostensibly is more aware than most of security protocols (especially on Twitter) fell victim to such an attack..."

43 comments

  1. In other news by Anonymous Coward · · Score: 0, Insightful

    AAC gets first post. Sky is blue. Rain is wet.

    1. Re: In other news by Anonymous Coward · · Score: 1

      It's a bright day for lossless audio!

    2. Re: In other news by SeaFox · · Score: 1

      That's ALAC, or FLAC. AAC isn't lossless.

    3. Re: In other news by Anonymous Coward · · Score: 0

      D'oh!

    4. Re: In other news by Anonymous Coward · · Score: 0

      I thought AFLAC was a duck?

  2. Claiming... by SeattleLawGuy · · Score: 3, Funny

    Claiming you are testing security by breaking into companies' networks to advertise your product is not a great idea.

    --
    Real lawyers write in C++
    1. Re:Claiming... by gweihir · · Score: 1

      Indeed. It is however something people with big egos, high intelligence and absolutely no wisdom whatsoever try time and again.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re:Claiming... by Anonymous Coward · · Score: 0

      I doubt the high intelligence part, it could easily have been farmed out to the lowest bidder script farm in Russia.

    3. Re:Claiming... by gweihir · · Score: 1

      Well, the "high intelligence" part here is somewhat variable.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  3. Brands get hacked because Twitter can't TOTP/U2F by tepples · · Score: 0

    If only Twitter supported 2-factor authentication methods other than SMS to a unique phone number...

  4. Can't Trust Institutions of Man by Anonymous Coward · · Score: -1

    Many of us put our trust in businesses and governments to keep us safe. We expect that the personal information we give to businesses and governments won't be compromised or used against us. We trust them to be responsible and honest with us, keeping their promises and acting honorably. Most of us do that to some degree, even if our trust is placed in things like open source software.

    I have news for you: no matter what institutions of man you place your trust in, it is misplaced. Man cannot be trusted to do the right thing. Man, by himself, is only capable of evil, not good. If we want to truly be able to trust, we must place that trust in God and his only son, Jesus Christ. If we attempt to place our trust in anything built by man, we will only be disappointed.

    If you'd like to place your trust in Jesus Christ, you must repent and be born again. When you trust in Jesus Christ, the institutions of man will no longer matter and you will invest in things that matter in eternity. If you want everlasting life, you must accept Jesus Christ as your personal savior and you must be born again. There is no other way.

    - Pastor Mitch

    1. Re:Can't Trust Institutions of Man by Anonymous Coward · · Score: 0

      Sorry Mitch, I like eating shellfish and wearing wool socks with leather shoes.

    2. Re:Can't Trust Institutions of Man by Anonymous Coward · · Score: 0

      Sorry Mitch, I like eating shellfish and wearing wool socks with leather shoes.

      I see you like to keep your feet warm. Well, they'll be nice and toasty IN HELL!!

      - Pastor Mitch

    3. Re: Can't Trust Institutions of Man by Anonymous Coward · · Score: 0

      Yeah but wtf is Jesus going to do about my Twitter security?

      Sincerely,
      - Pastor Bitch

    4. Re: Can't Trust Institutions of Man by Anonymous Coward · · Score: 0

      Is butt fucking ok if I don't do it on Sunday?

  5. I hope it's a social engineering service hack by jandrese · · Score: 1, Insightful

    It would be hilarious if they called support claiming to be Jack Dorsey and got the CSR to reset the password.

    The CSRs are really the weak link for so many of these hacks. All of the two factor and out of band authentication in the world can't help you if the level 1 phone support just hands your account over to anybody who can do some basic research.

    --

    I read the internet for the articles.
    1. Re:I hope it's a social engineering service hack by gweihir · · Score: 1

      Very much so. I lost some passwords some time ago (dead disk and I had not included these in the backups by accident) and was very surprised how easy it was to get my accesses back.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re:I hope it's a social engineering service hack by wbr1 · · Score: 2

      Some of the more recent hacks are CSRs but not for twitter or the hacked account location. Thy have been performed by social engineering the account holders cellphone provider. Then you can get a sim with their number. Once that is done anything with 2 factor on that phone is gone. Also if that phone is used for password recovery of any accounts they are done for.

      --
      Silence is a state of mime.
    3. Re:I hope it's a social engineering service hack by Anonymous Coward · · Score: 0

      In a recent wave of hacks, attackers get replacement SIM cards and use them to receive verification SMS and thereby compromise two-factor authentication.

  6. Not really by Anonymous Coward · · Score: 0

    it's certainly alarming that a man who ostensibly is more aware than most of security protocols (especially on Twitter) fell victim to such an attack.

    Perhaps he's simply more aware than most of how useless Twitter really is and wasn't too concerned about securing his account.

  7. everybody: meet pwgen. pwgen, meet everybody. by Anonymous Coward · · Score: 0

    $ sudo apt-get install pwgen
    $ pwgen 18

    All the password security you need for most purposes, at your fingertips. There's no reason to use shared and/or easily guessable passwords, except laziness.

    1. Re: everybody: meet pwgen. pwgen, meet everybody. by Anonymous Coward · · Score: 0

      I ran it and it gave me "12345"

      That's amazing, I got the same combination on my luggage.

  8. Twitter by Anonymous Coward · · Score: 0

    Twitter is for twits. And it looks like the security of Twitter is going into the shitter

  9. A CEO? Yeah? Whatcherpoint? :) by Xtifr · · Score: 1

    Why would anyone expect a CEO—even of a tech company—to have any idea about computer security? That's like expecting a POTUS to have a deep knowledge of battlefield strategy, simply because they're Commander-in-Chief of the US Armed Forces.

    1. Re: A CEO? Yeah? Whatcherpoint? :) by Anonymous Coward · · Score: 0

      Except in both examples you mentioned, they should.

    2. Re: A CEO? Yeah? Whatcherpoint? :) by Anonymous Coward · · Score: 0

      You don't understand what executives really do, do you? Key skill is delegation, because decisions are best made at lower levels than higher - it keeps the responsibility where it belongs.

    3. Re:A CEO? Yeah? Whatcherpoint? :) by FlyHelicopters · · Score: 1

      Why would anyone expect a CEOâ"even of a tech companyâ"to have any idea about computer security? That's like expecting a POTUS to have a deep knowledge of battlefield strategy, simply because they're Commander-in-Chief of the US Armed Forces.

      I fully expect both to have a high level knowledge of both...

      That goes double and triple for a POTUS... But perhaps that is why I'm not POTUS, because if I was, I'd want to learn it... at least well enough to know that my Generals know what the hell they are talking about (usually).

      History is filled with idiots (Hitler) who thought their "gut instinct" was a suitable replacement for generalship... it isn't...

      Stalin was the same way, but he bought a clue and finally backed off and let Generals like Georgy Zhukov start to run things. Once he did that, he started winning.

      Likewise, when Roosevelt allowed Eisenhower to do his General thing, it generally worked out pretty well.

      If George W. Bush had listened to Colin Powell instead of Donald Rumsfeld then perhaps Iraq would have gone very differently...

      Powell was a professional soldier for 35 years, Rumsfeld was a businessman who thought he knew what he was doing.

    4. Re:A CEO? Yeah? Whatcherpoint? :) by Anonymous Coward · · Score: 0

      Maybe he really got pwnt because the janitor looked at the sticky note under his keyboard.

    5. Re:A CEO? Yeah? Whatcherpoint? :) by Zontar+The+Mindless · · Score: 1

      Stalin was smart--he let the generals win the war first, *then* had them shot.

      --
      Il n'y a pas de Planet B.
    6. Re:A CEO? Yeah? Whatcherpoint? :) by FlyHelicopters · · Score: 1

      Stalin was smart--he let the generals win the war first, *then* had them shot.

      Would that be why he had the massive purges in the 1930s which gutted the Red Army, then he demanded no retreat in 1941 leading to some of the largest military defeats in history? In the fall of 1941, about 600,000 Red Army soldiers were lost around Kiev alone, which Hitler called "the greatest battle in history".

      For a short period of time after that, the Red Army no longer numbered the Germans, and there were no more reserves.

      Stalin came close to losing it all, but then he started to listen to his generals and they turned it around for him.

      Hitler actually restrained himself somewhat in the early years and let his generals do their thing, but the more the Germans won, the more he assumed it was because of him, and not them. Like I said, he was an idiot...

    7. Re:A CEO? Yeah? Whatcherpoint? :) by Anonymous Coward · · Score: 0

      If George W. Bush had listened to Colin Powell instead of Donald Rumsfeld then perhaps Iraq would have gone very differently...

      Powell was a professional soldier for 35 years, Rumsfeld was a businessman who thought he knew what he was doing.

      This is where you're wrong. There was no problem with the military operations per se, in Iraq, there is no problem today either, the problem was, and always will be, the political. Not only is there a lack of abiding support in America for anything, there is was no clear path to a desired outcome.

      Neither Rumsfeld or Powell was much good on that. I'm not sure Kissinger, Rice, or Albright would have been better though, I don't think any of them had a clue what to do.

      I'd have think hard on who would have had good advice. I suppose it depends on the desired outcome.

  10. meanwhile... by Anonymous Coward · · Score: 0

    google goes into lockdown mode if you so much as sneeze while logging in, requiring a security question response or other bullshit; even if you're on the same fucking computer, using the same fucking browser, and are on the same fucking ip address as you were last time you logged-in successfully. .

  11. hello by marcello_dl · · Score: 2

    Hey, its OurMine, we are testing your security

    --
    ---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
    1. Re:hello by marcello_dl · · Score: 1

      I thought 12345 was safe enough.

      --
      ---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
  12. Social Network Social Media by Anonymous Coward · · Score: 0

    There are no social media accounts they are social network accounts.

    Get it fucking right!

  13. Re:Brands get hacked because Twitter can't TOTP/U2 by allo · · Score: 1

    even google doesn't let you use google authenticator without activating your phone number first.

  14. Re:Brands get hacked because Twitter can't TOTP/U2 by tepples · · Score: 1

    The differences between the two are that Google is more likely to allow landlines, and Google is more likely to allow authentication on multiple accounts per phone number.

  15. What's really lame by Anonymous Coward · · Score: 0

    Is how twitter hides tons of filtering options until you become a premium verified user

  16. OurMine is just another name for Anonymous by Anonymous Coward · · Score: 0

    They are Israel state-sponsored. They are flexing their muscles against the USA government because they see weakness right now in their intelligence services. The CIA have been going rogue to the point there are barely any field agents left.

    1. Re: OurMine is just another name for Anonymous by DEN_GUY · · Score: 1

      Dude, you HAVE to stop listening to Alex Jones.

    2. Re: OurMine is just another name for Anonymous by Anonymous Coward · · Score: 0

      I don't. Alex Jones is CIA.

  17. I love that they hacked Khosla by Anonymous Coward · · Score: 0

    He's such a dweeb!

  18. Re:Brands get hacked because Twitter can't TOTP/U2 by allo · · Score: 1

    But i don't want either one to have my number. And for non-us citizens google voice is no option either ...