Another day, another OurMine hack. At least that’s been the notion of the past year, many of us in the cybersecurity community would say. So far in 2016, the infamous hacker group has made its rounds breaking and entering online accounts, from Mark Zuckerberg’s social profiles, to Minecraft accounts, to Business Insider’s website (just to name a few). Each scenario was a proclaimed white hat effort, aiming to test the password strength of influential accounts and showcase far-too-prevalent security weaknesses. The latest display from the OurMine team? The compromise of Netflix’s and Marvel’s Twitter accounts.
Here’s what happened: on Wednesday morning, Netflix’s Twitter account went rogue, and OurMine was behind the wheel. It all started with an announcement tweet from the group, claiming that they were “just testing [Netflix’s] security,” and invited the company to contact them for their security needs. Now, that’s quite a pitch.
Source: Netflix’s Twitter Account
The period of compromise was about 40 minutes, during which OurMine and Netflix’s social media team released tweets in turns. By Wednesday afternoon, Netflix confirmed that complete control of the account had been restored.
What’s more, Marvel’s and the NFL’s Twitter accounts were taken over by OurMine that afternoon as well. One thing’s for sure: this team of hackers knows how to play to the audience. These high-profile accounts are just additions to their growing list of victims, all hacks meant to teach security lessons rather than do any meaningful harm.
In other words, this was an invasive, and frankly illegal, advertisement of their security services. However, such a back-handed effort draws attention to at least one thing—we all need to re-think the way we access our devices and apps. Especially since cybercriminals can get into an app either through its own weak password or through a weak password on an authorized app that happens to be connected to it (say, when your Facebook account is linked to another service you use).
So, to stay secure when authorizing and accessing apps and services across devices, here are a few tips:
- Give your passwords added muscle. Since OurMine consistently tries to prove a point about weak password practices, prove them wrong. Make your passwords complex and hard to guess, and change them often. Use upper- and lowercase letters and special characters to build your logins. Have trouble generating and remembering multiple passwords? Look to a password management solution.
- Use unique passwords across accounts. If you use the same password across all accounts, here’s the issue: once a hacker has one password, he has all of your passwords. One key that unlocks your entire digital kingdom. Using different passwords across all of your online accounts does indeed require additional effort, but the security armor it builds is worth it.
- Use multi-factor authentication. Multi-factor authentication requires multiple steps for a user to access an online account. A user’s identity is usually verified using something they have (a code texted to the user’s phone) and a factor unique to them physically (a fingerprint scan). Many devices and services today let you enable multi-factor authentication for access—take advantage of that feature!