Days after taking over the social media accounts of US television network Home Box Office (HBO), notorious hacker group “OurMine” has hit again, this time claiming to have hacked Sony PlayStation’s official Twitter and Facebook accounts. The hacker group is known for breaching into high-profile figures and companies’ social media accounts, including, those of HBO.
According to a report in IBTimes.co.uk, in a series of posts, OurMine wrote: “Hi, it’s OurMine, we are a security group, if you work at PlayStation then please contact us.” Though “OurMine” claims to be a security group, its official website describes the group as “an elite hacker group known for many hacks showing vulnerabilities in major systems.
According to a report in Business Insider, “OurMine” hacks services operated by major corporations, publicises those hacks and then sells its security services to the company it hacked. The hacker group hacked PlayStation Brasil’s account too and posted similar messages, trying to get the hashtag #PlayStationLeaks trending.
According to an OurMine member who was quoted in the report, they pulled off the breach using the gaming giant’s Sprout Social management account.
“OurMine” also claimed that the PlayStation Network database was also potentially compromised. If true, it would mean that the user registration information such as names and email addresses can be exposed at the will of the hackers. However, the hacker group has said it was not intending to release the data, claiming “we are a security group”. “We choose the people who have bad security to hack them and notify them about their security,” the hacker group was quoted as saying. ALSO READ: Amid hacking fears, Indian Government may force smartphone makers to set up servers in India: Report
Sony quickly regained access to the social media accounts and the posts have since been taken down. “A pre-emptive move of running a bug bounty programme may have aided Sony in avoiding the hack as it does for organisations that handle precious data including Facebook, Google and even the US Department of Defence running ‘Hack the Pentagon, Army and Air Force’ programmes,” Ankush Johar, Director of BugsBounty.com told IANS.
BugsBounty.com is a crowdsourced security platform for ethical hackers and organisations. OurMine was also responsible for hacking the social media accounts of Facebook CEO Mark Zuckerberg, Google’s Sundar Pichai and Twitter’s Dick Costolo last year. They have also not spared websites like Variety, TechCrunch and BuzzFeed.
A report in the Wired last month quoted an anonymous member of the group saying that their string of tech executives embarrassment “is only its way of teaching us all a helpful lesson.”
“We don’t need money, but we are selling security services because there are lot [of] people [who] want to check their security,” the anonymous hacker was quoted as saying. “We are not blackhat hackers, we are just a security group… we are just trying to tell people that nobody is safe,” he added.
For Sony also, this is not a new experience. The Playstation service was crippled for a month in 2011 after sensitive information of about 77 million subscribers was exposed during a massive cyber attack. In December 2014, a group called Lizard Squad unleashed a series of DDoS attacks against both Sony and Microsoft, crippling PlayStation Network and Xbox Live during the holiday season.
“After the massive 2011 hack of Sony’s PlayStation Network, hackers claim that they’ve gained access to their data again,” Johar said. “Unfortunately, we’ve noticed in a lot of cases that social media credentials are written in plain text in configuration files that are left unprotected,” he added.