|TechCrunch, a well-known technology website owned by Verizon, is so far the latest victim of the infamous hacking group. OurMine Security recently gained publishing access to the platform, which uses the content management system Wordpress, and posted its message on the front page.
The message was the following: “Hello Guys, don’t worry we are just testing techcrunch security, we didn’t change any passwords, please contact us.” This message was then promoted as a ticker, red top banner and a main story on the site’s front page. It appeared without the site going down, but was removed within two hours. However, the posting was showing in Google’s index and cache afterwards.
Industry observers confirm that the TechCrunch attack was latest in a number of high-profile compromises by OurMine hacking group. The list of their recent victims includes the social media accounts of Twitter boss Jack Dorsey, Facebook boss Mark Zuckerberg and Google boss Sundar Pichai.
Aside from hacking high-profile persons and tech sites, the hackers also claimed responsibility for a DDoS attack on Pokémon Go’s servers a few days ago. This particular attack against TechCrunch seems to have leveraged a contributor’s account, rather than a hack on the site’s Wordpress system. Before, the hackers have used weaker linked accounts to post to Twitter, instead of taking over the user’s social media accounts directly. In other words, they underscore the inherent flaws in linked systems: users’ accounts, or in this case the whole platform, is only as resilient as its weakest link.
As usual, security specialists recommend using two-step verification systems to help protect your social media accounts. As for TechCrunch, it is unknown whether writer accounts used such systems for access to the Wordpress backend.
Saturday, July 30th, 2016
|Any asshat can exploit a website. Jerks.||
Most Popular Stories