
OurMine 'hackers' are targeting news sites now

TechCrunch fell foul of an account takeover.

OurMine has been making quite a name for itself this summer, pulling off account takeovers of several high-profile targets. Celebrities have, for the most part, been the target, with the most recent attacks being on Sony's Shuhei Yoshida and Star Trek actor William Shatner. But today, OurMine gained access to the backend of Engadget's sister news site TechCrunch, marking a significant change in target.

OurMine considers itself an "elite" and "professional" hacker group, and aims to make money by charging companies and individuals to discover vulnerabilities in their accounts. Last week, we wrote extensively about its attempts to essentially extort companies, targeting high-profile accounts in order to promote its paid services.

Yet again, rather than being a bona fide hack, this seems to be a relatively simple case of gaining access via poor password practices. The group appears to have entered the site's CMS (content management system) via a writer's account. It's likely, although not certain, that the account in question used the same password across multiple services. OurMine published an article under the writer's name, put banners at the top of the site, and, as is par for the course for the group, encouraged the owner of the account to write in to retrieve their accounts.

Because of the limited nature of the "hack," TechCrunch was able to quickly roll back the changes OurMine made to its site. The erroneous post was deleted within minutes, and the banners and other accoutrements added to its homepage were removed soon after. While TechCrunch says it's still looking into exactly what happened, it seems the situation is under control for now.

Update: TechCrunch has published a post-mortem on the attack, including the following statement:

"An unauthorized individual compromised the WordPress account of one of our TechCrunch writers and used the account to post a story. This was an isolated instance and we have secured the account. There was no risk posed to our readers or their data."