Monday blues? Sundar Pichai has it worse. The CEO of Google is next in line to have his online accounts hacked after Mark Zuckerberg. The three-man hacker outfit who previously broke into Facebook chief's Twitter and Pinterest accounts using the leaked LinkedIn data, has now hacked into Pichai's Quora account.
However, unlike Zuckerberg's "dadada," hackers haven't used the passwords exposed by the 2012 LinkedIn data breach. OurMine, the Saudi based hacker outfit, has claimed that they discovered a vulnerability in Quora exploiting which they broke into Pichai's account. The group says that they informed Quora about this exploit, but didn't get any response from the Q&A community.
The hack became visible late Sunday night when OurMine posted answers on Quora using Pichai's account, which were then cross posted on his official Twitter feed. Since both the accounts were linked, it gave the group the ability to publicize their hack to over 500,000 followers of Sundar Pichai. All the tweets have now been removed from Pichai's feed.
The hacker group is branding itself as a security firm, and claims that it's testing security of accounts and platforms to teach people to secure their accounts better. Their goal, they say, is to expose these vulnerabilities so that these incidents don't occur again. "We are just testing people security (sic), we never change their passwords, we did it because there is other hackers can hack them and change everything," OurMine told TNW.
This may not be the best way to increase security awareness, but that is how this particular "security firm" works. The group also offers support to those it targets, scanning their online accounts and website security vulnerabilities. According to reports, OurMine charges from $100 to $5,000 for these "scans," and has managed to make $16,500 from these security services it offers. Bragging rights aside, targeting celebrities also earns OuMine some clients.
Now, why did Quora let it happen? Well, Quora has said that the breach was likely the result of Pichai using the same password across multiple services, and not a flaw in Quora's security:
We are confident that Sundar Pichai's account was not accessed via a vulnerability in Quora's systems. This is consistent with past reports where OurMine exploited previous password leaks on other services to gain access to accounts on Twitter or Facebook. We also have no record of a report by OurMine pointing to a vulnerability.
We recommend that people use unique passwords for accounts on different services, so that a security breach on one service does not lead to attackers gaining access to accounts on other services. Safeguarding our users is very important to us, which makes security at Quora one of our highest priorities. - Quora
Whether OurMine really did use a leaked database to hack into Pichai's account to get some more publicity, or Quora missed the received vulnerability reports - we can't say. But, what we can surely say is to change your Quora password, especially if you use the same password across different services.
