Google CEO Sundar Pichai's Quora Account Hacked (thenextweb.com)
Google CEO Sundar Pichai is the latest high-profile victim of a hacking group called OurMine. Earlier today, the group managed to get hold of Pichai's Quota account, which in turn, gave them access to his Twitter feed as well. In a statement to The Next Web, the group said that their intention is to just test people's security, and that they never change the victim's passwords. Looking at the comments they left after hacking Pichai's account, it is also clear that OurMine is promoting its security services. The same group recently also hacked Facebook CEO Mark Zuckerberg's Twitter and Pinterest accounts.
Re: (Score:1)
I kept having Quora turn up in my search results and it looked like a newer version of Yahoo Answers. It's now in my personal blocklist.
Quora? Quota? (Score:1)
Which is it, Quora (title) or Quota (summary)?
Just look at his Quora questions: (Score:2, Funny)
How do I CEO?
How can I make employees work for less money?
Should I buy nest thermometer?
How to stop Google(tm) from blocking furry porn image search?
Re: (Score:2)
Also, why doesn't Twitter support RFC 6238 for time-based passwords, aka two-factor authentication? They only support SMS, which can be expensive if you travel and means you have to give them your phone number.
Come on Twitter, it's 2016.
Not Just IT Power Players (Score:2)
These guys sure are finding their way into a lot of accounts!
Show me something... (Score:2)
If OurMine really wants to show its capability, it should hack Google accounts (Gmail / YouTube / G+, etc.). Thanks to all of the additional signals Google uses (even without 2FA), those are much tougher to get into.
So far it just seems to be demonstrating that (a) accounts protected only by a password aren't very secure and (b) this is especially true of social media accounts, which most people don't see as important enough to justify using a particularly good password.
Re: (Score:2)
It is good to use 2FA but it isn't a security panacea. There are hacking teams that have broken it by calling up Verizon and claiming they're you, and then performing an SMS password reset.
Which is a good reason not to use SMS-based 2FA. Use the Google Authenticator app, or a Yubikey... or even a printed list of pre-generated codes.
But 2FA is only one line of defense implemented by Google. There are a lot of behavioral signals as well, making Google accounts significantly harder to break into even without 2FA.
This shows... (Score:2)
...that connecting sites, and allowing one site to post to another, increases your attack surface. It also shows that a failure to police these connections can increase risk as older services become "stale."
Twitter, Facebook, et al. should introduce security tools to help remind users. "Hey, you haven't used 'Cartoon your face' in two years. Would you like to disable access to your account? You can always change it back later."
Quora ? Quota ? (Score:1)
Please edit article link or title; the two are probably not the same...