Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

PlayStation Social Media Accounts Hacked

A notorious hacking firm, probably best described as greyhats rather than white or blackhats, briefly breached the PlayStation Facebook and Twitter accounts on Sunday.

A notorious hacking firm, probably best described as greyhats rather than white or blackhats, briefly breached the PlayStation Facebook and Twitter accounts on Sunday.

OurMine, a Saudi-based security firm, specializes in breaching high-profile accounts in order to advertise its ‘prowess’ and sell its security services. Yesterday, it got into PlayStation’s Twitter and Facebook accounts, and claimed to have stolen ‘PlayStation Network Databases.’ All messages were quickly removed by Sony, but not before they had been seen, and not before PlayStation users’ concerns were raised.

The messages left on Facebook were potentially the more worrying: “Playstation, contact us we got Playstation Network database leaked!” This immediately provoked memories of the massive 2011 breach which forced Sony to shut down the PlayStation Network and Store, and had the personal information of some 77 million PSN users stolen.

Tweets posted by OurMine on PlayStation’s Twitter account were in the same vein, but added, “No, we aren’t going to share it, we are a security group, if you works at Playstation then please go to our website ourmine.org.”

Unless OurMine has changed its method of operation, then it is unlikely to leak any personal information – in fact, it is quite possible that the social media accounts are the totality of its success against PlayStation. However, this cannot be guaranteed; and until official comment comes from Sony, it cannot be guaranteed that PlayStation networks have not been breached and personal data stolen.

“It’s quite unlikely that the database is indeed stolen,” comments High-Tech Bridge CEO Ilia Kolochenko. “On the other hand, it can be a smart smoke screen to camouflage a large-scale data breach and distract attention of cybersecurity teams from the real problem. However, until Sony makes an official statement about their internal investigation, it’s too early to make any conclusions.”

At this stage, it cannot even be guaranteed that the social media hacks were performed by OurMine. The most recent hack it acknowledges on its website is the April 2017 YouTube hack, which it describes as “the biggest hack in YouTube history!” During 2016, OurMine is believed to have breached the Twitter accounts of Wikipedia co-founder Jimmy Wales, Pokemon Go creator John Hanke, Twitter co-founder Jack Dorsey, Google CEO Sundar Pichai, and Facebook co-founder Mark Zuckerberg – whose Pinterest was also hacked.

During 2017, OurMine has been ‘credited’ with further hacks against the Unity user forum, and, last week, against HBO’s media accounts. The message left on HBO was typical: “Hi, OurMine here, we are just testing your security, HBO team please contact us to upgrade the security.” HBO quickly regained control of the account and removed the messages.

The HBO Twitter hack is not thought to be related to the theft of 1.5TB of data from HBO. Earlier this month, these hackers released the personal phone numbers of Game of Thrones actors, emails and scripts. They are demanding a ransom of $6 million for the return of HBO’s proprietary information.

SecurityWeek has contacted both Sony and OurMine and asked for comments on the PlayStation Twitter breach. This story will be updated with any reply.

Related: Sony Deletes Tweets on Britney Spears’s Death, Blames Hackers

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.