Hacker News
by dineshp2 3613 days ago
I have been following the recent hacks by the OurMine group, and find it all fascinating.

If anyone knows more about the group, their motives and how they actually manage to compromise various high profile social media accounts and websites, please do share it here.

4 comments

>I have been following the recent hacks by the OurMine group, and find it all fascinating.

Just some kids using someone else's tools to search through someone else's database collection. In this case the compromised journo's password appears to have been "camus8" or "albertcamus8".

Don't reuse your passwords, guys.

Whatever service let someone get away with a 6-character password in 2016 should be put down.

Seems to be done with a mix of compromised (reused) credentials and social engineering. Social media accounts in particular are quite vulnerable to social engineering since they are often tied to mobile devices, and it's fairly easy to contact a network operator and set up a forwarding number or request a new SIM card, etc., which completely bypasses most 2FA solutions.

According to their website [1], they seem to be trying to establish a reputation for pentesting social-media and websites. What better way to garner interest than by hacking a couple major companies?

[1]: http://ourmine.org/

What I don't understand is how they think these "marketing" tactics will establish anything but a negative reputation for their brand. Seems to me like they are happily waving a massive red flag that says, "we break the law all the time and can't be trusted!"

Why can't they be trusted? Because they break the law?

Some people believe if a person breaks one law, they may be more inclined to break other laws.

I was implying the question: does breaking laws make someone untrustworthy?

Yes, no, maybe. Irrelevant from a marketing perspective. It doesn't matter if you're trustworthy. If you are perceived as untrustworthy, businesses won't want to hire you.

Here's a Wired article from June about them:

https://www.wired.com/2016/06/meet-ourmine-security-group-ha...

The way the article is written, the writers can't seem to be able to get a handle on why they hack the places they do and if they're black hats or white hats.

Great piece.

> But OurMine does offer some real security lessons, free of charge: Don’t reuse passwords between sites, set up two-factor authentication, and be aware that linking accounts can lead to unexpected security risks. Your Twitter account, as OurMine has successfully taught Sundar Pichai free of charge, is only as secure as the least-secure account that can post to it.