TechCrunch’s news ticker was updated to display: “Hello guys it’s OurMine Team, we are just testing TechCrunch Security, don’t worry we never change your passwords. Please contact us.” OurMine gained access to a contributor account and posted a similar message.
According to a report from Engadget, TechCrunch’s sister site, the hackers gained access via a contributor’s weak password, not by exploiting a vulnerability in the site or the site’s plugins. TechCrunch was able to regain control of the site within minutes and delete the content created by the attackers in the admin.
OurMine is the same group that hacked Mark Zuckerberg’s Twitter, Pinterest, and LinkedIn accounts after he used the same password for multiple sites. Bad password security can make even the most secure websites vulnerable to these types of attacks. Although OurMine is primarily targeting high-profile individuals and publications, websites are constantly the target of brute-force attacks.
Security plugins can help deter brute-force attacks, but it’s virtually impossible to eliminate the human factor in poor password selection or the practice of using the same password for multiple online services. Site owners, particularly those who run publications that have many users with permissions, are especially vulnerable to attacks that target bad password security.
Although virtually all experts warn users about weak passwords, a warning doesn’t force them to create a strong one. Site owners who want to make this a requirement can use specific plugins for extra security.