Slashdot Mirror


Yahoo and Twitter CEOs Have Their Twitter Accounts Compromised

The man who sent Twitter's very first public tweet now also becomes the first Twitter CEO to have his own Twitter account compromised. An anonymous reader quotes a report from Digital Trends about this weekend's wave of high-profile attacks: At 2:50 a.m. ET, a tweet reading, "Hey, its OurMine, we are testing your security" and linking to the group's website was briefly posted, and while it was soon deleted, identical tweets continued to appear... The group has previously taken over other social media accounts, including Google's Sundar Pichai's Quora account, and Mark Zuckerberg's Instagram, LinkedIn, Pinterest, and Twitter accounts...

Dorsey also wasn't the only tech heavy hitter whose Twitter account was breached during that 24-hour period. Yahoo CEO Marissa Mayer and venture capitalist Vinod Khosla also saw breaches to their accounts, both of which were attributed to OurMine.

The Tweets may have come from Vine, according to Digital Trends, "which suggests that Dorsey was either using an old or shared password on the video network, or had otherwise connected his account to a compromised service...it's certainly alarming that a man who ostensibly is more aware than most of security protocols (especially on Twitter) fell victim to such an attack..."


  1. Re: In other news by Anonymous Coward · · Score: 1

    It's a bright day for lossless audio!

  2. Claiming... by SeattleLawGuy · · Score: 3, Funny

    Claiming you are testing security by breaking into companies' networks to advertise your product is not a great idea.

    --
    Real lawyers write in C++
    1. Re:Claiming... by gweihir · · Score: 1

      Indeed. It is however something people with big egos, high intelligence and absolutely no wisdom whatsoever try time and again.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re:Claiming... by gweihir · · Score: 1

      Well, the "high intelligence" part here is somewhat variable.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  3. Re: In other news by SeaFox · · Score: 1

    That's ALAC, or FLAC. AAC isn't lossless.

  4. I hope it's a social engineering service hack by jandrese · · Score: 1, Insightful

    It would be hilarious if they called support claiming to be Jack Dorsey and got the CSR to reset the password.

    The CSRs are really the weak link for so many of these hacks. All of the two factor and out of band authentication in the world can't help you if the level 1 phone support just hands your account over to anybody who can do some basic research.

    --

    I read the internet for the articles.
    1. Re:I hope it's a social engineering service hack by gweihir · · Score: 1

      Very much so. I lost some passwords some time ago (dead disk and I had not included these in the backups by accident) and was very surprised how easy it was to get my accesses back.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re:I hope it's a social engineering service hack by wbr1 · · Score: 2

      Some of the more recent hacks are CSRs but not for Twitter or the hacked account location. They have been performed by social engineering the account holder's cellphone provider. Then you can get a SIM with their number. Once that is done anything with 2 factor on that phone is gone. Also if that phone is used for password recovery of any accounts they are done for.

      --
      Silence is a state of mime.
  5. A CEO? Yeah? Whatcherpoint? :) by Xtifr · · Score: 1

    Why would anyone expect a CEO—even of a tech company—to have any idea about computer security? That's like expecting a POTUS to have a deep knowledge of battlefield strategy, simply because they're Commander-in-Chief of the US Armed Forces.

    1. Re:A CEO? Yeah? Whatcherpoint? :) by FlyHelicopters · · Score: 1

      Why would anyone expect a CEO—even of a tech company—to have any idea about computer security? That's like expecting a POTUS to have a deep knowledge of battlefield strategy, simply because they're Commander-in-Chief of the US Armed Forces.

      I fully expect both to have a high level knowledge of both...

      That goes double and triple for a POTUS... But perhaps that is why I'm not POTUS, because if I was, I'd want to learn it... at least well enough to know that my Generals know what the hell they are talking about (usually).

      History is filled with idiots (Hitler) who thought their "gut instinct" was a suitable replacement for generalship... it isn't...

      Stalin was the same way, but he bought a clue and finally backed off and let Generals like Georgy Zhukov start to run things. Once he did that, he started winning.

      Likewise, when Roosevelt allowed Eisenhower to do his General thing, it generally worked out pretty well.

      If George W. Bush had listened to Colin Powell instead of Donald Rumsfeld then perhaps Iraq would have gone very differently...

      Powell was a professional soldier for 35 years, Rumsfeld was a businessman who thought he knew what he was doing.

    2. Re:A CEO? Yeah? Whatcherpoint? :) by Zontar The Mindless · · Score: 1

      Stalin was smart--he let the generals win the war first, *then* had them shot.

      --
      Il n'y a pas de Planet B.
    3. Re:A CEO? Yeah? Whatcherpoint? :) by FlyHelicopters · · Score: 1

      Stalin was smart--he let the generals win the war first, *then* had them shot.

      Would that be why he had the massive purges in the 1930s which gutted the Red Army, then he demanded no retreat in 1941 leading to some of the largest military defeats in history? In the fall of 1941, about 600,000 Red Army soldiers were lost around Kiev alone, which Hitler called "the greatest battle in history".

      For a short period of time after that, the Red Army no longer numbered the Germans, and there were no more reserves.

      Stalin came close to losing it all, but then he started to listen to his generals and they turned it around for him.

      Hitler actually restrained himself somewhat in the early years and let his generals do their thing, but the more the Germans won, the more he assumed it was because of him, and not them. Like I said, he was an idiot...

  6. hello by marcello_dl · · Score: 2

    Hey, its OurMine, we are testing your security

    --
    ---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
    1. Re:hello by marcello_dl · · Score: 1

      I thought 12345 was safe enough.

      --
      ---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
  7. Re:Brands get hacked because Twitter can't TOTP/U2 by allo · · Score: 1

    Even Google doesn't let you use Google Authenticator without activating your phone number first.

  8. Re:Brands get hacked because Twitter can't TOTP/U2 by tepples · · Score: 1

    The differences between the two are that Google is more likely to allow landlines, and Google is more likely to allow authentication on multiple accounts per phone number.

  9. Re: OurMine is just another name for Anonymous by DEN_GUY · · Score: 1

    Dude, you HAVE to stop listening to Alex Jones.

  10. Re:Brands get hacked because Twitter can't TOTP/U2 by allo · · Score: 1

    But I don't want either one to have my number. And for non-US citizens Google Voice is no option either ...