The terror of the famous "OurMine"

in ceo •  6 years ago 

Google CEO Sundar Pichai has become the latest celebrity to fall prey to the hacking group OurMine Security, apparently due to a vulnerability in the Bitly URL-shortening service.

On Monday morning, Pichai's Twitter account posted the message: "Hey, it's OurMine, we're just testing your security, to improve your security, visit our website," and a similar statement was posted to his Quora. It was removed a couple of minutes later, but it puts the CEO in the company of a number of other celebrities who have been compromised by the same group in recent weeks.

Facebook CEO Mark Zuckerberg was one of the first victims of OurMine, in early June. His Twitter and Pinterest accounts were hacked, with a tweet sent from the former stating that his password (apparently "given") was in a database of user data stolen from LinkedIn in 2011.

Since then, the group has hacked others, including former Twitter boss Dick Costolo (who had messages sent from his Twitter and Pinterest accounts), young adult novelist Hank Green, Mark Zuckerberg's sister Randi Zuckerberg, and actor Channing Tatum.

A common thread among some - but not all - of the hacks is the presence of the Bitly link-shortening service. When journalist Matthew Yglesias was hacked on Saturday, for example, OurMine announced its success with the now standard "Checking the security" tweet.

Twitter's API reveals that the Yglesias tweet was sent through Bitly, a link-shortening service that was particularly popular when Twitter counted all the characters of a URL against its 140-character limit. Many Twitter users, especially those who have been on the social network for a long time, have given Bitly permission to read and write tweets, and that now seems to be backfiring.

As messages sent to hacked accounts show, OurMine is eager to build publicity for its hacks. One member of the group makes a point of sending a notification about each one through a Twitter direct message, and explained that the Tatum hack, like that of Yglesias, involved Bitly.

"We hacked his Bitly and there was his password in Gmail, and we hacked into his Gmail and the stored passwords of his browser were verified and he gave us his Twitter password," said the hacker. "We have a bit.ly vulnerability."

Bitly denies any vulnerability, however, saying instead that the problem is, once again, the reuse of passwords. "We are not aware of any Bitly security vulnerabilities," the company said. "We identified a very small number of accounts that are accessed directly through compromised credentials. These accounts had log-in user credentials that have not been registered in as it forced the consolidation of our password encryption requirements and the In addition, they do not have two-factor authentication enabled."

"As we continually update our technology to maintain the best security practices and the most powerful encryption solutions, we also remind our users to update their passwords frequently, use strong passwords that are harder to compromise, do not repeat passwords that have been used in Bitly before or shared with any other service and, finally, to enable two-factor authentication," Bitly added.

Bitly has not been involved in every hack, as the group's attack on Mark Zuckerberg proved. A similar link to Quora has been observed, with Pichai and technologist Anil Dash seeing their accounts hit through that service. The attacks should raise alarm bells for users who have insecure accounts, perhaps because of weak or reused passwords, linked to crucial social media services such as Facebook and Twitter. Concerned users can disable integrations with linked companies in the "applications" subsection of their Twitter and Facebook settings.
