The infamous group of hackers who call themselves OurMine have struck again, and this time Netflix took a hit, along with Marvel on Wednesday 22 December. Their tweets read “Don’t worry, we are just testing your security,” in a bid to highlight the flaws in their social media security. After Netflix were caught in a tennis match all day deleting tweets which kept reappearing, Ourmine switched it up and began targeting several of Marvel’s Twitter accounts as well, including their main feed and the accounts for several characters such as The Avengers, Captain America and Dr Strange.
Par for the course for OurMine, the hijack was a means to promote their Web Security services, in a bid to get Netflix to get in touch with them about how their security can be tightened up. Whoever is in charge of Netflix’s social media management got off pretty lightly, considering their following of over 2.5 million followers in the US. Although this time the hack was harmless, similar hacks have been used to spread propaganda and false “news.”
The US Twitter account of Netflix was hacked by Ourmine on Wednesday
Earlier this year OurMine put themselves on the map by being responsible for shutting Pokemon Go down in the summer, in a bid to get Niantic’s attention. Other high profile hacks they are responsible for include Twitter’s Ceo Jack Dorsey, Facebook’s Mark Zuckerberg, Google’s CEO, Sundar Pichai and even Variety’s Twitter account got hacked this year. The hackers don’t appear to be malicious though; they claim that they are providing a service by highlighting flaws in their security processes.
Ourmine – What’s Their Game?
OurMine’s aim is to find and exploit security flaws or weak passwords, or attack via apps which Twitter has granted access to, in order to highlight the need for OurMine’s Web Security products and services. The hacking group claims that if they don’t boot games offline, or break into high-profile celebrity attacks, then someone will; and they may not be so friendly. A visit to OurMine’s website will reveal that their offerings include a vulnerability assessment, as well as social media account and email security.
So What Have We Learned?
The first line of defense against attacks such as these is through the use of Twitter’s two-factor authentication. You should also keep a close eye on the third party applications which have permission and access to your account. Whether Netflix had two-factor authentication on their Twitter account or not has not yet been confirmed, but the @Netflix feed was back to business as normal by Wednesday afternoon.