Twitter accounts of The Olympics and FC Barcelona hijacked by OurMine hacking group
The International Olympic Committee and FC Barcelona are the latest victims of a spree of Twitter account hijacks orchestrated by the notorious OurMine gang.
But rather than abuse their access to the high-profile accounts (@Olympics has six million followers, and @FCBarcelona has a jaw-dropping 31.9 million Twitter fans) to spread malicious links or scams, the OurMine hacking collective posted messages this weekend cheekily suggesting that the brands might want to improve their account security.
The account takeover must have been particularly embarrassing for FC Barcelona, which previously had its Twitter account fall foul of OurMine in 2017, when the hackers posted a message claiming a player from arch-rival Real Madrid had been signed up to play for the football team.
OurMine almost apologetically referenced its previous successful compromise of FC Barcelona’s account, saying that the security was “better but still not the best.”
This is becoming something of a habit for FC Barcelona’s Twitter account. I recall that way back in 2014, the world-famous football club had its account hijacked by the notorious Syrian Electronic Army who, amongst other things, sent a “Special hi to Real Madrid.”
These latest compromises of the Olympics and FC Barcelona Twitter accounts do not appear to have involved the guessing or cracking of Twitter login passwords.
Instead, what links the unauthorised tweets is that they were posted via a third-party app – Audiense Connect.
Audiense Connect is a third-party Twitter marketing platform used by big brands to measure how well they are engaging with their audiences on the social network.
In a tweet posted this weekend, Audiense confirmed that it had suffered a security breach.
In subsequent updates, Audiense said that no passwords or financial information had been compromised. The company says that only three of its clients were affected.
The attack came one week after a similar attack by OurMine which saw the hackers post unauthorised messages from Facebook’s official Twitter account. That attack was possible because the hackers had broken into the account of a different third-party app, Khoros.
Clearly OurMine is finding all of this hacking pretty amusing, and is currently concentrating its efforts on third-party social media apps used by big brands.
If you use such services to communicate with your customers and to promote your firm’s brand online, I would strongly recommend ensuring that you are following best practices in terms of strong, unique passwords and the use of two-factor authentication.
With layered security you can make it much more difficult for hacking groups like OurMine to send an unauthorised message to your brand’s millions of fans.