When the official Facebook Twitter account tweets that “even Facebook is hackable,” you know it’s going to be an uncomfortable virtual ride for the social network.
Fortunately for Facebook, that ride was over pretty quickly. Unfortunately, not before the Saudi OurMine hacking group was able to post to Facebook’s social media accounts on Instagram as well.
The temporary account takeovers, which appear to have also impacted the official Messenger Twitter account, lasted for less than 30 minutes. Long enough to cause plenty of embarrassment for Facebook, already in the news this week for a WhatsApp one-click attack risk vulnerability.
How were the Facebook accounts on Twitter compromised?
The Twitter account takeover of the official Facebook accounts happened Friday, February 7. The Facebook Twitter account posted a late night tweet to its 13.4 million followers that read: “Hi, we are OurMine. Well, even Facebook is hackable but at least their security better than Twitter.” The compromised account tweet continued to offer “security services” to “improve your accounts security.”
It appears that it was not Facebook itself, nor Twitter, that had actually been compromised. Instead, as in previous account takeovers by the same group, a third-party marketing platform used to manage social media would appear to be the victim. This was confirmed to me in an email from a Twitter spokesperson. That statement went on to say, “As soon as we were made aware of the issue, we locked the compromised accounts and are working closely with our partners at Facebook to restore them.”
Jake Moore, a cybersecurity specialist at ESET, told me that, in the past, OurMine has used leaked credentials from dark web sources but “here it seems they have used password resets to change account passwords.” I contacted the marketing platform concerned, but have yet to hear back with any comment.
Facebook confirmed the “hack” in a tweet once it had regained control over the compromised account: “Some of our corporate social accounts were briefly hacked but we have secured and restored access,” the tweet stated.
Who are the OurMine hackers?
If both the Twitter accounts attack methodology and the name OurMine ring a bell, that’s because this is a prolific hacking group. Indeed, the Dubai-based grouped were behind the recent Super Bowl LIV hack which compromised the Twitter accounts of the Kansas City Chiefs, the San Francisco 49ers, 13 other NFL teams and the NFL itself. Positioning itself as a security consultancy, OurMine always claims the attacks are made so as to draw attention to vulnerabilities in the security of these accounts. There can be little argument that it certainly does just that. There is, however, plenty to debate about the ethics of using these offensive tactics to do so. The legal situation doesn’t even need debating, that is pretty clear cut.
How can you protect your social media accounts from being hacked?
“To hack high profile accounts is quite a feat, but such accounts really need to bolster their own security and discover all of their own weak points,” Jake Moore says. “Using third-party software to manage social media can be convenient, but it also creates an attack vector for cybercriminals,” Moore warns, continuing, “I would suggest companies look at revoking all third party platform access which doesn’t offer robust multi-factor authenticator app protection.”
I’m a three-decade veteran technology journalist and have been a contributing editor at PC Pro magazine since the first issue in 1994. A three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) I was also fortunate enough to be named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro called ‘Threats to the Internet.’ In 2011 I was honored with the Enigma Award for a lifetime contribution to IT security journalism. Contact me in confidence at email@example.com if you have a story to reveal or research to share.