Google CEO Sundar Pichai had his Quora account hacked last night, becoming the latest in a list of major tech figures to have their social media presences hijacked by a group calling itself "OurMine." The breach comes less than a month after both Mark Zuckerberg and Spotify boss Daniel Ek suffered a similar fate.
The breach of Pichai's account became apparent when tweets linking to Pichai's Quora posts — referencing the OurMine group — appeared on his official Twitter account late Sunday night. Unlike the case of Daniel Ek, however, the hackers hadn't gained access to Pichai's Twitter account proper, instead relying on Quora's auto-tweet functionality to notify his half-a-million followers about the breach.
The mysterious OurMine group's methods appear to differ from other recent high-profile hacks. Rather than simply defacing a target's social media presence, the collective behind OurMine says it's "testing security," advising the target to get in contact to "upgrade it." Regular people can also pay for the group's services, charging up to $5,000 for a "scan" of social media accounts, site security holes, and other vulnerabilities.
Individuals claiming to represent the group tell Mic that they started out hacking accounts to quietly collect personal data, changing their approach to shill OurMine's own services on the Facebook, Twitter, and other social media accounts of those high-profile targets affected. It's not clear what the process of "upgrading security" mentioned in Pichai's Quora hack entails, or whether it's simple extortion, but OurMine says it has already made $16,500 selling its "services."
OurMine claims to be a three-person team "testing security"
Speaking to Mic, OurMine claimed to be a three-person team. Some experts suggest the group is breaching big-name accounts using older databases of passwords available to nefarious actors: a method may explain why it was Pichai's Quora account hijacked in this case, rather than far more frequently trafficked networks like Twitter or Facebook. Earlier this month, Mark Zuckerberg's Pinterest account was hacked alongside his Twitter account, with OurMine clearly stating that it had gained access using the password "dadada," revealed as part of the 2012 LinkedIn hack.
It's not clear whether Pichai paid to regain access to his Quora account, but both the comments and the auto-tweets were deleted a few hours after they were posted. Other celebrity figures say they would have a different approach in the case of a breach — musician deadmau5 told OurMine to "go fuckin' crazy" with his social media accounts earlier this year if the group could get in.