TechCrunch is the latest victim in OurMine’s summer hacking rampage. The site was hacked this morning and defaced with a message from the attackers who identify themselves as an “elite hacker group.”

TechCrunch’s news ticker was updated to display: “Hello guys it’s OurMine Team, we are just testing TechCrunch Security, don’t worry we never change your passwords. Please contact us.” OurMine gained access to a contributor account and posted a similar message.


According to a report from Engadget, TechCrunch’s sister site, the hackers gained access via a contributor’s weak password, not by exploiting a vulnerability in the site or the site’s plugins. TechCrunch was able to regain control of the site within minutes and delete the content created by the attackers in the admin.

OurMine is the same group that hacked Mark Zuckerberg’s Twitter, Pinterest, and LinkedIn accounts after he used the same password for multiple sites. Bad password security can make even the most secure websites vulnerable to these types of attacks. Although OurMine is primarily targeting high-profile individuals and publications, websites are constantly the target of brute-force attacks.

Security plugins can help deter brute-force attacks, but it’s virtually impossible to eliminate the human factor in poor password selection or the practice of using the same password for multiple online services. Site owners, particularly those who run publications where many users hold permissions, are especially vulnerable to attacks that target bad password security.

Although virtually all experts warn users about weak passwords, a warning doesn’t force them to create a strong one. Site owners who want to make this a requirement can use specific plugins for extra security. Need a really strong password? Use our free strong password generator tool, and learn more about website security.
