Netflix’s Twitter Account Hacked By Known Hackers: How Did They Do It?

Netflix’s social media team had a rough morning today after a known hacker group called OurMine performed a hack on the company’s official U.S. Twitter account. The group posted a series of rogue posts, mockingly urging Netflix to “upgrade their security.” Netflix’s Twitter account has 2.48 million followers.

The actual tweets posted by the hackers in Netflix’s name were eventually deleted by Netflix’s staff, but a number of news outlets and Twitter users were quick to take screenshots. The tweets were, ironically, about security.

Netflix is just another victim in a series of hacks by OurMine, TechCrunch reports. In the past, the same hacking group was responsible for the hack of several famous Twitter accounts, among them the accounts of actor Channing Tatum, Google CEO Sundar Pichai, and Facebook CEO Mark Zuckerberg.

Surprisingly, the OurMine hacking group offers to sell security services to people and companies for thousands of dollars. An anonymous hacker belonging to the group spoke to Wired months before the Netflix hack and explained the group’s position.

“We don’t need money, but we are selling security services because there is a lot [of] people [who] want to check their security.

“We are not blackhat hackers, we are just a security group… we are just trying to tell people that nobody is safe.”

As today’s hack clearly shows, Netflix’s Twitter account wasn’t safe either. But how was the hack performed, exactly?

The group usually targets a specific employee of the company being hacked and then moves on from there. Regarding the Netflix hack, Mashable contacted one of the hackers from OurMine who told them he had hacked Netflix’s director of social media and used his credentials to hack and gain access to more Netflix accounts.

That same method was used by the OurMine hackers when they hacked into the Twitter account of Google’s CEO, Sundar Pichai. According to their claims in the Wired interview, they first hacked his account on a different online service using a “web vulnerability,” and that account was linked to Pichai’s Twitter account.

To hack a person’s social media account (or that of a company like Netflix), hackers use a variety of methods, which everyone should be aware of to minimize the risk of becoming the next Netflix.

The easiest way for someone to hack into your account is simply to guess your password. Obviously, if you’re using a password like “1234,” the hacker has a very easy job. It’s safe to assume this wasn’t the case with the Netflix hack, though.

Another way to find passwords is via major leaks, in which hackers post lists of thousands and sometimes millions of hacked passwords that other hackers can later use for more complex hacks.

However, even if your password hasn’t been leaked and you use a long one, you need to be careful not to use easy-to-guess words for the password — and especially not words that are directly related to you, such as the name of your cat, your birthday, or your hometown — as these are easy for hackers to find out, often simply by looking at your social media accounts.
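The three weaknesses described above (a short or trivial password, one that already appears in a leak, and one built from details about you) can be screened for when a password is set. The following is an added example, not part of the original article; the leaked-password list, the personal facts and all function names are constructed for illustration, and a real check would use a full breach corpus.

```python
import hashlib
import re

# Constructed stand-in for a breach corpus, held as digests rather than plaintext.
LEAKED_DIGESTS = {hashlib.sha256(p.encode()).hexdigest()
                  for p in ("1234", "password", "qwerty123", "letmein")}

# Fold common character substitutions so "Wh1sk3rs" is compared as "whiskers".
# "l" is folded to "i" as well because "1" and "!" can stand for either letter.
_FOLD = str.maketrans("0134578@$!l", "oieastbasii")


def normalize(text):
    return text.lower().translate(_FOLD)


def screen_password(password, personal_facts, min_length=12):
    """Return the reasons to reject a password; an empty list means it passed."""
    reasons = []
    if len(password) < min_length:
        reasons.append("too_short")
    if hashlib.sha256(password.encode()).hexdigest() in LEAKED_DIGESTS:
        reasons.append("in_leak")
    folded = normalize(password)
    for fact in personal_facts:
        # Split each fact into words and numbers of three or more characters.
        for token in re.findall(r"[A-Za-z0-9]{3,}", fact):
            if normalize(token) in folded:
                reasons.append("personal:" + token.lower())
    return reasons


# Constructed example: details of the kind visible on a public profile.
FACTS = ["Whiskers", "1990-04-12", "Springfield"]

if __name__ == "__main__":
    for candidate in ("1234", "Whiskers1990!", "Wh1sk3rs-forever",
                      "vivid-otter-plays-cello"):
        print(candidate, "->", screen_password(candidate, FACTS) or "ok")
```
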

A similar method for a hack is “social engineering.” First, the hackers find out as many details about you as they can using your public social media accounts and things they can find about you via Google. You would be surprised how easy it is to discover the name of your first school, your mother’s maiden name, or your first pet.

And if these pieces of information sound familiar, it’s because they are. Companies and websites often use these types of questions for their “security questions” — things they ask you in case you forget your password so they can then help you reset it.

Once the hacker has that information, he can go to a company’s website or even call the company on the phone and, while pretending to be you, claim that you’ve forgotten your password. The company might ask him these “security” questions first, and since he already has the answers, his road to an account hack is often clear if the company is not careful enough.

Another way to hack accounts is via vulnerabilities, which is what OurMine claims to have done in the Google CEO case. They find bugs and vulnerable code in software and websites and use those to hack into the system and find user credentials.

At this point, it’s unclear which method OurMine used to hack into Netflix’s Twitter account, and even though none of the other Netflix services or websites were affected, this is still an embarrassment.

“The compromise was limited to a U.S. Twitter account and has been resolved,” a Netflix spokesperson told CNET.

Then again, a mysterious hack related to Netflix, by an anonymous hacking group, certainly fits the bill for the type of creepy, buzz-inducing campaigns that Netflix is often known for, so at least they’ve gained some free publicity along the way.
