No, this wasn’t a viral ad for an upcoming hacker drama: Notorious hacking group OurMine took over Marvel’s and Netflix’s Twitter accounts Wednesday morning, declaring in tweets: “Don’t worry, we are just testing your security.”
Netflix was apparently first targeted. An initial tweet published by OurMine was quickly deleted by Netflix’s social team, but the group kept posting new tweets for some time, engaging in a game of whack-a-mole with the service, according to TechCrunch.
Soon after, OurMine switched targets, and took over a series of Marvel accounts, including Twitter.com/Marvel as well as accounts for Marvel Music and Marvel characters like Dr. Strange, Captain America and The Avengers.
When you follow all individual Marvel accounts and are spammed in a row by OurMine :/ What even 2016. pic.twitter.com/vrcKdU0f3R
— Nirat (@NiratAnop) December 21, 2016
This isn’t the first time OurMine has taken over high-profile Twitter accounts. Previous targets included Google CEO Sundar Pichai, Facebook CEO Mark Zuckerberg and even Twitter CEO Jack Dorsey. Variety’s Twitter account was compromised by OurMine earlier this year as well. However, other than posting a few tweets, OurMine does not appear to have caused any lasting damage.
OurMine is thought to exploit weak passwords, and possibly apps that have been granted access to Twitter, to take over accounts. The best protection against these kinds of attacks is Twitter’s two-factor authentication, which sends a numeric code by text message to a user’s phone every time that user tries to log in from a new device. It’s also a good idea to regularly check the list of third-party applications that have access to one’s account.
Update: 9:40am: This post was updated with details on the Marvel account hack.