Technology website TechCrunch breached and defaced by OurMine hacking group
The group previously hacked online accounts of Mark Zuckerberg and Sundar Pichai.
The website of technology outlet TechCrunch has been breached and defaced by a hacking group known as OurMine – a controversial collective claiming to be a 'security firm'.
The spam-like posts, which have since been removed, said: "Hello Guys, don't worry we are just testing techcrunch (sic) security, we didn't change any passwords, please contact us."
The defacement post took over one single article and, at the time of writing, was featured as the top story on the homepage. The article itself was spotted at roughly 12:30 BST and was live for roughly five minutes.
The TechCrunch website is run on WordPress VIP which powers a number of big-name brands including NBC, Time and Dow Jones. IBTimes UK has found a database being sold on one underground forum which claims to hold passwords for more than 45,000 WordPress websites, however it remains unclear if this cache is related to the breach.
IBTimes UK contacted TechCrunch for a statement however had received no response at the time of publication.
The OurMine group has previously broken into the accounts of technology chief executives including Facebook's Mark Zuckerberg and Google's Sundar Pichai. Other targets have included the servers of popular smartphone application Pokémon Go and the main website of whistleblowing platform WikiLeaks.
As previously reported, despite effectively hacking into the personal accounts of many high-profile figures, the group purports to be a legitimate cybersecurity operation.
One of the hackers with the purported three-person group, speaking with Wired in a previous interview, said: "We don't need money, but we are selling security services because there is a lot [of] people [who] want to check their security. We are not blackhat hackers, we are just a security group...we are just trying to tell people that nobody is safe."
It is suspected the hackers are exploiting old credentials leaked from previous data dumps – including 'mega-breaches' from Myspace and LinkedIn – to find old passwords still in use by celebrities and well-known figures and exploit related accounts.
© Copyright IBTimes 2024. All rights reserved.