From celebrities to tech giants to political parties, hackers had a busy month exploiting the vulnerabilities of online accounts. Where some got lucky and were hit with only a few innocent “tweets,” others are facing the consequences of having millions of users affected. It’s all that and more in The Month in Hacks.
Kylie Jenner Brushes Off Hacking
On June 6, Just Jared reported that social media icon and reality star Kylie Jenner’s Twitter account had been hacked. Per usual, the hacker relished the opportunity to send offensive tweets. Jenner regained control of her account, but unfortunately did not use the opportunity to set a good online security example, instead saying “My Twitter was hacked, and I don’t really care. I’m just letting them have fun.”
Jack Black Alive and Well Despite Social Media Death Hoax
Complex reported on June 5 that Jack Black was the latest celebrity victim of a social media death hoax. Hackers took over Tenacious D’s (the comedy rock duo that Black is part of) Twitter account, announcing “I’m sad to officially announce the death of Jack Black at the age of 46, rest in peace brother.” Within hours, Tenacious D regained control of the account and dispelled the rumor.
Keith Richards Has Twitter Taken Over
Rolling Stones guitarist Keith Richards’s Twitter account was taken over by a hacker using the alias “Factor,” reported Joe.co. The Richards hack came on the heels of similar—and likely related—attacks the accounts of Tenacious D and deceased performer Ryan Dunn.
Yep, Even Mark Zuckerberg
On June 5, Venture Beat reported that the hacker group OurMine had taken over the Twitter, Pinterest and possibly Instagram accounts of Facebook CEO Mark Zuckerberg. While details on how the hack occurred remain murky, OurMine Team has cited the recent LinkedIn credential dump (which brought to light Zuckerberg’s reuse of the password ‘dadada’) as facilitating the breach.
OurMine Strikes Google CEO
Google CEO Sundar Pichai was the latest victim of hacker group OurMine, as reported by Fortune on June 27. The hackers exploited a weakness in the question and answer service Quora, thereby accessing Pichai’s Twitter account with stolen credentials. OurMine claims that the group seeks to raise awareness around online security. Quora denies the allegation that a vulnerability in its system allowed the hack, saying, “This is consistent with past reports where OurMine exploited previous password leaks on other services to gain access to accounts on Twitter or Facebook. We also have no record of a report by OurMine pointing to a vulnerability.”
Hackers Steal DNC Opposition Research on Trump
Officials at the Democratic National Committee confirmed to the Washington Post on June 14 that hackers had breached the committee’s computer network. While details remain murky on whether the hack was the work of Russian hackers or a lone wolf, it was confirmed they gained access to the DNC’s entire trove of opposition research on presumptive GOP nominee Donald Trump and were able to view all chat and email traffic. The campaign networks of Hillary Clinton and Donald Trump were also targeted.
Muslim Match Hacked: 150k Users Affected
SC Magazine reported on July 1 that the dating site Muslim Match was breached. Not only were credentials stolen, but the hackers were also able to access specific user details such as employment information, marital status and whether the user is a convert. Motherboard believes the hacker used SQL injection to penetrate the server.
VerticalScope Targeted in Massive Breach
Canadian based VerticalScope, which operates 480 million websites, was penetrated in a massive hack, reported Motherboard on June 14. The stolen data includes 45 million records from 1100 websites. Specific information may include email addresses, IP addresses, usernames and passwords. Because the sites used the weak MD5 algorithm, hackers were able to crack 74% of the stolen passwords. Popular sites operated by VerticalScope include AutoGuide.com, Motorcycle.com and TechSupportForum.com.
Russian Social Media Giant VK Hacked
On June 5, Motherboard reported that VK, Russia’s Facebook, had been breached. Over 100 million accounts were penetrated, allowing the hacker, who uses the alias “Peace” to access first and last names, email addresses, phone numbers and passwords. Peace claims that the passwords were stored in plain text at the time of the attack. The data is for sale on the dark web at an asking price of 1 bitcoin, or $570.