A three-person team of teen hackers called OurMine have added the Quora account of Google’s CEO Sundar Pichai to their list of hacked social media profiles. After breaking into the account on the question-and-answer site on Sunday, the group wrote they aimed at testing the profile’s security.

OurMine promises that more targets will follow. Other victims already on the list of prominent tech executives whose accounts have been hacked include Facebook CEO Mark Zuckerberg, whose password was “dadada.” The hackers said earlier this month that they were able to take over the profile due to the weakness of the password. In Pichai’s case, the group limited itself to say that the site’s overall security was fragile.

Sundar-Pinchai-google
Sundar Pichai talks during a conference during the Mobile World Congress, the world’s largest mobile phone trade show in Barcelona. Credit: AP Photo/Manu Fernandez, File

OurMine clarified that the vulnerability on Quora’s site had enabled them to access the account and remarked that they had not reused a password from a recent breach.

“We are just testing your security,” OurMine wrote on Pichai’s Quora and the message was auto-posted on the executive’s Twitter timeline.

They started by posting the question “Is it possible to force my Android app users of all version [sic] to update the app?” plus a promotion for their website, which offers services to protect social media accounts. The posts have been deleted from Pichai’s profiles.

The purpose of the attacks

Last week, OurMine claimed to have broken into the Twitter accounts of Spotify CEO Daniel Ek and movie star Channing Tatum. They had taken over the Twitter account of Amazon CTO Werner Vogels earlier that week, but Vogels said his Bitly account was the one that had been hacked.

OurMine usually tweet out porn or messages promoting racism on the hacked profiles. No sensitive data has been stolen by the three teenagers, but they say they will continue to take over other Silicon Valley types, who are most likely wondering who will be the next victim.

“We are just trying to tell everyone that nobody is safe!” OurMine told ComputerWorld via email.

OurMine’s primary purpose is to promote their services. They have tweeted that users have the opportunity to upgrade their security on social media accounts by paying $99 or $1000 if they want to be able to scan a website for vulnerabilities, according to ComputerWorld. The group claimed to have made $18,400 so far.

As of Monday, OurMine has 34 customers, as a member told TechCrunch. The site reported that the group dropped the price of social media scanning to $30 “because it was too expensive. The offer might be attractive, but TechCrunch noted that giving credit card or any payment information to hackers does not sound like a very smart decision.

It remains unknown where the three-person team is based. A hacker traced the site’s IP address to Saudi Arabia, but an OurMine member confirmed to TechCrunch that there are no members of the group from Saudi Arabia or Russia.

Recommendations to prevent hacks

In order to improve security on social media platforms, users are advised not to use weak passwords such as “dadada,” but to be creative and use strong combinations of characters instead. Having the same password on multiple sites is also considered a sin regarding online security, which is why users are recommended to have a different one for each site or at least substantial variations of the same idea.

Two-factor authentication is available on many sites and users should take advantage of it to keep their accounts protected. Reviewing the third-party apps that have direct access to their accounts is also an important habit that can help improve online security.

Source: Computer World