Facebook CEO Mark Zuckerberg’s Twitter, Pinterest, Instagram and LinkedIn accounts were allegedly hacked Sunday by a group believed to be from Saudi Arabia as a demonstration of the vulnerability of social media accounts, even for top tech leaders.
The OurMine Hacking Team apparently claimed the hack, thanks to the LinkedIn password dump a few weeks ago. According to a report on Vice’s Motherboard, a hacker going by the name of “Peace” was known for attempting to sell account details that included emails and partially hidden passwords for 117 million LinkedIn users. The intended buyer was allegedly the so-called “Dark Web”; the price, 5 bitcoin, or around $2,200, .
LinkedIn claimed that it had responded by invalidating the credentials and contacting affected members to reset their passwords. But it appears that Zuckerberg used the same password across multiple social media sites and did not change his sign login.
Embarrassing security lapses are nothing new for Zuckerberg. He was hacked in 2013 by an unemployed Palestinian, Khalil Shreateh.
The “OurMine Hacking Team” was first identified by the Twitter account it launched on March 31, 2015. Four months later, it pulled off a series of spectacular DDoS attacks against the financial sector’s processing of gaming services, according to Akamai’s PLXsert and CSIRT. It is unclear how much money OurMine stole or blackmail it pocketed, but group has announced it was giving the proceeds to the poor.
In a post called “The Truth Behind Team OurMine,” the Drama Alert blog estimated that OurMine consists of 3-5 people from Saudi Arabia, “which makes it very hard to find them.”
The “Essence of Zen” blog (EOZ) added that the group started out as a part of Anonymous, which is an international consortium of hackers without a centralized authority to manage every member.
The “OurMine Hacking Team” is believed to have rejected Anonymous’s morals requirements and went rogue in December of 2015 by threatening gaming sites, downing all of Twitter, and then booting WikiLeaks off the internet for a period of time.
The group claims that it hacked two of Zuckerberg’s social media accounts, supposedly to alert the Facebook founder to a security weakness by tweeting to Zuckerberg:
@finkd, we got access to your Twitter & Instagram & Pinterest, we are just testing your security, please dm [directly message] us.”
Zuckerberg responded less than an hour later, telling the “skids” to leave him alone. But six minutes later, a tweet on Zuckerberg’s account revealed a password that OurMine claims to have acquired in last month’s database leak at LinkedIn.
Zuckerberg’s Twitter home page and his Pinterest account were quickly brought back under his control, and the hackers were suspended from Twitter late on June 5. But the group created a new Twitter account to complain it was just trying to be helpful by demonstrating how poor social media security is, even for supposed tech giants.