OurMine Compromises Business Insider Website Through Re-Used Password

Remember OurMine hackers? They are back with another hack and this time it’s Business Insider, an online news website.

Lately, quite a few big names in the entertainment and media industry have been targeted with cyber-attacks, and Business Insider is the latest to join the list of victims. This Wednesday, the Business Insider website was hacked by a group famously known as OurMine. The attackers targeted the United States version of the website and edited some stories as well.

As happens in a majority of cyber-attacks, this time too the hackers maintain that they attacked the website in order to test the security measures implemented by Business Insider.

They also posted that:

“We didn’t change your password or anything.”
Screenshot shared by OurMine

The company then sent out a push notification to users of the Business Insider application. A message was also posted on the website for users, which read:

“We apologize for the inconvenience, and are working on getting things back to normal as soon as possible.”

However, the attackers weren’t able to pull off this feat all by themselves, because one of the employees at Business Insider is responsible for giving away the password. Reportedly, an employee at the company who had publishing privileges attempted to re-use the password on multiple websites.

It is a very important rule never to use the same password for logging into different websites, because we don’t know what security measures each site has implemented or whether the site is secure enough. The same mistake landed Business Insider in trouble.

Hackers are always hunting for weak passwords, or they re-use old passwords taken from already hacked databases. These passwords are tried over and over again to exploit people’s tendency to use similar passwords. OurMine adopted the same strategy to compromise Business Insider, and the group succeeded.

OurMine is the same group that has been hacking the social media accounts of high-profile tech celebrities by using old passwords from the LinkedIn and MySpace data dumps. In the past couple of months, OurMine took over the accounts of Pokémon Go’s creator John Hanke, Google’s CEO Sundar Pichai, Twitter’s CEO Jack Dorsey, Facebook’s CEO Mark Zuckerberg and Zach Klein, co-founder of the video-sharing website Vimeo, as well as the Twitter account of Wikipedia founder Jimmy Wales and the Vine account of Amanda Cerny.

In the last couple of months, OurMine hackers also hacked famous websites including BuzzFeed and Variety magazines.

That’s why security experts always recommend keeping a strong password and using a unique password for every single account. You can use a password manager app too, but choose one that supports two-factor authentication.
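The defensive counterpart to passwords being replayed from old data dumps is to screen every new password against known breach data when it is set. The following is an added example, not code from the article or from Business Insider. It assumes a breach corpus served in the `SUFFIX:COUNT` layout used by the Pwned Passwords range API, so only the first five characters of the SHA-1 hash ever leave the application. The sample passwords, counts and function names are constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample data standing in for a corpus built from public breach dumps.
SAMPLE_BREACHED = {"linkedin2012": 4120, "password1": 2400000, "myspace!": 87}

def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def build_range_index(breached: dict) -> dict:
    """Group 'SUFFIX:COUNT' lines under the 5-character hash prefix."""
    index = defaultdict(list)
    for pw, count in breached.items():
        digest = sha1_hex(pw)
        index[digest[:5]].append(f"{digest[5:]}:{count}")
    return index

def make_offline_lookup(index: dict):
    """Return a callable that answers a prefix query like a range service would."""
    def lookup(prefix: str) -> str:
        return "\r\n".join(index.get(prefix, []))
    return lookup

def breach_count(password: str, range_lookup) -> int:
    """How many times the password appears in the corpus (0 if never seen)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    # Only the prefix is sent; the suffix comparison happens locally.
    for line in range_lookup(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0

def validate_new_password(password: str, range_lookup, max_seen: int = 0):
    """Reject a password at set/change time if it is already in breach data."""
    seen = breach_count(password, range_lookup)
    if seen > max_seen:
        return False, f"found in known breach data ({seen} occurrences)"
    return True, "not found in breach corpus"

# Offline stand-in for the remote lookup (hypothetical helper for this example).
LOOKUP = make_offline_lookup(build_range_index(SAMPLE_BREACHED))

if __name__ == "__main__":
    for candidate in ("linkedin2012", "t7#Vq-lantern-orbit-52"):
        print(candidate, validate_new_password(candidate, LOOKUP))
```

In production the `range_lookup` callable would query the organisation's own breach-corpus service or a public range endpoint; the validation logic stays the same.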
