A notorious hacking firm, probably best described as greyhats rather than white or blackhats, briefly breached the PlayStation Facebook and Twitter accounts on Sunday.
OurMine, a Saudi-based security firm, specializes in breaching high-profile accounts in order to advertise its ‘prowess’ and sell its security services. Yesterday, it got into PlayStation’s Twitter and Facebook accounts, and claimed to have stolen ‘PlayStation Network Databases.’ All messages were quickly removed by Sony, but not before they had been seen, and not before PlayStation users’ concerns were raised.
The messages left on Facebook were potentially the more worrying: “Playstation, contact us we got Playstation Network database leaked!” This immediately provoked memories of the massive 2011 breach which forced Sony to shut down the PlayStation Network and Store, and had the personal information of some 77 million PSN users stolen.
Tweets posted by OurMine on PlayStation’s Twitter account were in the same vein, but added, “No, we aren’t going to share it, we are a security group, if you works at Playstation then please go to our website ourmine.org.”
Unless OurMine has changed its method of operation, then it is unlikely to leak any personal information – in fact, it is quite possible that the social media accounts are the totality of its success against PlayStation. However, this cannot be guaranteed; and until official comment comes from Sony, it cannot be guaranteed that PlayStation networks have not been breached and personal data stolen.
“It’s quite unlikely that the database is indeed stolen,” comments High-Tech Bridge CEO Ilia Kolochenko. “On the other hand, it can be a smart smoke screen to camouflage a large-scale data breach and distract attention of cybersecurity teams from the real problem. However, until Sony makes an official statement about their internal investigation, it’s too early to make any conclusions.”
At this stage, it cannot even be guaranteed that the social media hacks were performed by OurMine. The most recent hack it acknowledges on its website is the April 2017 YouTube hack, which it describes as “the biggest hack in YouTube history!” During 2016, OurMine is believed to have breached the Twitter accounts of Wikipedia co-founder Jimmy Wales, Pokemon Go creator John Hanke, Twitter co-founder Jack Dorsey, Google CEO Sundar Pichai, and Facebook co-founder Mark Zuckerberg – whose Pinterest was also hacked.
During 2017, OurMine has been ‘credited’ with further hacks against the Unity user forum, and, last week, against HBO’s media accounts. The message left on HBO was typical: “Hi, OurMine here, we are just testing your security, HBO team please contact us to upgrade the security.” HBO quickly regained control of the account and removed the messages.
The HBO Twitter hack is not thought to be related to the theft of 1.5TB of data from HBO. Earlier this month, these hackers released the personal phone numbers of Game of Thrones actors, emails and scripts. They are demanding a ransom of $6 million for the return of HBO’s proprietary information.
SecurityWeek has contacted both Sony and OurMine and asked for comments on the PlayStation Twitter breach. This story will be updated with any reply.
Related: Sony Deletes Tweets on Britney Spears’s Death, Blames Hackers
More from Kevin Bowers
- Alexa May Be Recording More Than You Realize
- UK’s NCSC Adopts HackerOne for Vulnerability Coordination Disclosure
- Artificial Intelligence in Cybersecurity is Not Delivering on its Promise
- Untangle Partners With Malwarebytes to Bring Layered Security to SMBs
- Testing Security Products: Third-Party Standards vs. In-House Testing
- New Cyber Readiness Program Launched for SMBs
- Personal Details of 120 Million Brazilians Exposed
- Researchers Find Thousands of Twitter Amplification Bots in Just One Day
Latest News
- Intel Co-founder, Philanthropist Gordon Moore Dies at 94
- Google Leads $16 Million Investment in Dope.security
- US Charges 20-Year-Old Head of Hacker Site BreachForums
- Tesla Hacked Twice at Pwn2Own Exploit Contest
- CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections
- Critical WooCommerce Payments Vulnerability Leads to Site Takeover
- PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
- CISA Gets Proactive With New Pre-Ransomware Alerts
