We suppose it was inevitable, but the latest hacking of a high-profile Twitter account has occurred, and it's hit the company's CEO Jack Dorsey. After the hackers posted a few benign video clips, a tweet went up at 2:50AM ET saying "Hey, its OurMine,we are testing your security" and linking to their website. That tweet was quickly deleted, but it also linked to a short Vine clip which we've embedded below, and identical tweets continued to replace it. Hackers using the name OurMine have previously taken over some social media accounts of other CEOs, like Google's Sundar Pichai (via a Quora account) and Facebook's Mark Zuckerberg, but going after this CEO on his own platform -- he sent the first public tweet -- seems new.
All of the OurMine messages posted to Dorsey's account (which, as of 3:25AM or so, appears to have been scrubbed of the hackers' tweets) came through from Vine. It's possible Dorsey had an old/shared password on his Vine account or somehow connected it to another service that was compromised, which could've given OurMine access and matches what we've seen in previous hacks.
However it happened, this problem appears to be growing. While hacked social media accounts anywhere are common, there's been a run on Twitter accounts lately, from Katy Perry to DeRay Mckesson. We've contacted Twitter to see if there's any information on how this happened, but if you're concerned about your account, here are a few things I can think of that you can and should do.
- Make sure you're using a unique password for every site. If that sounds difficult, try using a password manager like 1Password or LastPass.
- Make sure all of your contact and recovery information is correct.
- Turn on two-factor authentication for services that have it -- there's a list available here.
- If a service only supports two-factor authentication via text message, then contact your phone company to put a password or PIN on your account that's not your social security number.
- Check the list of apps connected to your account under Settings here. If there's a service that's old, out of use or that you don't recognize, disconnect it; if you need it, you can reconnect it later.