After previously hijacking the social media accounts of multiple tech executives including Google’s Sundar Pichai, Facebook’s Mark Zuckerberg, AOL’s Steve Case, and Yahoo’s Marissa Mayer, hacker group OurMine set its sights on Twitter chief executive Jack Dorsey. The group said today that it was not only able to post to his Twitter account but also gained access to his Dropbox folders, where it alleges it discovered evidence that Twitter is able to see your Vine passwords.
Twitter flatly denies this. A company spokesperson told VentureBeat that the screenshot is not an accurate depiction of the Vine admin site. “Our Vine admin site is restricted to Twitter IPs, is HTTPS, and never shows passwords in any form. We securely store our passwords per industry best practices,” we’re told in an emailed statement.
In a blog post today, OurMine states that Dorsey’s Dropbox contains “all Vine Files including picture of the control panel of Vine.” Furthermore, it posted a screenshot the group believes proves that those who have access to the panel “can see private information” and user passwords.
An individual claiming to be a member of OurMine was adamant that what the group had was the truth, saying all its Vine files were taken directly from Dorsey’s Dropbox account, including the control panel screenshot. What’s curious about this whole thing is: Why would Dorsey have live files relating to Twitter or even Vine stored on Dropbox?
For more than a few weeks, OurMine has been taking over various individuals’ accounts on services including Foursquare, Quora, and Twitter, all with a message promoting security. And while that may seem altruistic, it’s also selling its services, saying that it can offer better protection. Other than the aforementioned individuals targeted, the group has gone after venture capitalists Mark Suster and Vinod Khosla, Spotify founder Daniel Ek, former Facebooker Randi Zuckerberg, Amazon chief technology officer Werner Vogels, and actor Channing Tatum.
While the group is targeting CEOs and celebrities, don’t think you’re immune. If possible, use two-factor authentication, and be aware of which services are connected to your accounts to reduce the risk of compromise.
Updated at 9:49 a.m. Pacific on Wednesday: Dropbox has issued a statement claiming that its service wasn’t hacked: “There was no compromise of Dropbox and we are not aware of any Dropbox vulnerability or exploit. As usual, we strongly encourage users to use unique passwords and enable two-factor authentication. We recently issued a blog post with tips on how to keep safe online here.”