Facebook’s Corporate Social Media Accounts Were Hacked by ‘OurMine’

• Various social media accounts on Twitter and Instagram belonging to Facebook were taken over by hackers.
• Saudi hackers promptly published a message to embarrass Twitter and promote themselves.
• The platform responsible for this hack is Khoros, a community, and a social media management tool.

Hackers have managed to hack Facebook’s accounts on Twitter and posted the following message for 13.4 million followers to see: “Hi, we are OurMine. Well, even Facebook is hackable, but at least their security better than Twitter. To improve your account's security, contact us at “contact@ourmine.org”. For security services, visit “ourmine[.]org”. So, there you have it. Hackers did what they did to promote their security and protection services and to also mock Twitter on its apparently atrocious security. The account takeover lasted only 30 minutes, and Facebook tweeted the following when they gained back control.

Some of our corporate social accounts were briefly hacked but we have secured and restored access

— Meta (@Meta) February 8, 2020

The “OurMine” group of hackers is of Saudi descent, and they have demonstrated their capacity to hack Twitter accounts again in the past like when they targeted the head of Sony Studios for example. More recently, they compromised the social media accounts of 16 NFL teams. This time though, they didn’t stop at Twitter, as they also took over Facebook’s social media accounts on Instagram too. The group has used leaked credentials which they acquired from the dark web in the past, but this time, it is believed that they used password resets to gain control of the target accounts.

In fact, it was neither Twitter nor Facebook that were compromised this time, but Khoros, an online community, and social media management software firm. Facebook was using Khoros to manage their social media accounts, so they were compromised indirectly. This goes to show how the addition of steps and tools can introduce new risks for account holders, and while these tools offer convenience, they can result in embarrassing hacks. While Khoros is responsible for what happened, the negative publicity goes first to Twitter and secondly to Facebook.

Access to the Khoros Marketing platform was temporarily suspended this evening due to a phishing attack that allowed a bad actor access to our platform. For the latest updates, please subscribe to https://t.co/PHQ932nnsF

— Khoros® (@Khoros) February 8, 2020

OurMine always urges their victims to pay more attention to security, and shame Twitter for its lack of proper protection measures. They say that their goal is to make a statement and not to irreversibly steal the target account from its rightful owner. As they point out, hacking the social media accounts of celebrities and known entities like the NFL teams is a lot easier than targeting an unknown person, simply because they have easier access to the real names, email addresses, and phone numbers of eponymous users.