No, the OurMine group isn't done defacing high-profile sites. Twitter has confirmed reports that OurMine hijacked accounts for both the Olympics and FC Barcelona on February 15th, using the opportunity to make a less-than-sincere offer to "improve your [account's] security" and, in the case of FC Barcelona, echo a rumor that star player Neymar would come back to the soccer team. Twitter said in a statement that OurMine had used a "third-party platform" to take control of the accounts, although it didn't name the platform or explain the group's methods. OurMine would only tell Business Insider that it used "security issues" with employees to gain access to a third-party app.
The social network said it locked down the accounts and was "working closely" with partners to restore them. The International Olympic Committee said it was "investigating a potential breach" into the accounts, while FC Barcelona said it would run a "cybersecurity audit" that included reviewing its "protocols and links with third-party tools."
These aren't the group's first sports account hijacks in recent memory. In January, OurMine compromised the accounts of multiple NFL teams, including 49ers and Chiefs, just ahead of the Super Bowl. They are some of the most prominent, however, and echo a familiar pattern: the perpetrators are hoping to seize on hot topics to grab the spotlight for a brief moment.
Such attacks might continue for a while. OurMine is believed to be located in Saudi Arabia, and has so far remained elusive. And while Twitter has bolstered its security in the past, it can't control third-party apps or outside employees.