Industry News

Playstation chief Shuhei Yoshida has his Twitter hacked by OurMine

Shuhei Yoshida, the popular president of Sony Computer Entertainment’s worldwide studios, appears to be the latest victim of the OurMine hacking gang, after his Twitter account was hijacked yesterday.

Yoshida is one of Sony’s best known faces, frequently appearing at Playstation press conferences or tweeting about his love for PS4 games.

OurMine, which has previously broken into social media accounts belonging to Mark Zuckerberg, Google CEO Sundai Pinchai, and has recently been linked to DDoS attacks against WikiLeaks and Pokémon Go, says that it was testing Yoshida’s security.

As is their normal modus operandi, however, OurMine didn’t miss an opportunity to cause some mischief – tweeting a message which appeared to be in support of the Xbox, Sony Playstation’s arch-rival.

shuhei-tweets
Source:Twitter

Fortunately OurMine appears to be more motivated by mischief-making and promoting its services rather than using hacked social media profiles to phish or infect others.

“Hey, its OurMine, we are testing your security”

“You have been hacked by OurMine Team Visit our website to secure yourself.”

In some ways you could argue that it’s a good thing that it’s OurMine hacking accounts rather than someone else. But what would be best of all is if high profile accounts were properly protected in the first place.

Yoshida himself doesn’t appear to be that flustered by the experience. He has regained control of his account, and tweeted an apology to his followers.

Following the devastating hack which struck at parts of the Sony empire in late 2014, it would be nice to think that the company had to got to grips with security, and educated its senior staff about how to protect themselves online.

But clearly Yoshida, at the very least, didn’t have the right protection in place. Either he was careless with his password and fell foul of a phishing attack, or he made the mistake of reusing the same password for his Twitter account (where he has impressively accumulated almost 250,000 followers).

Whatever the precise nature of how the hackers managed to get their hands on Yoshida’s password – it seems unlikely that he had enabled Twitter’s two-factor authentication facility.

Twitter calls its 2FA system “Login verifications”, and I strongly recommend that all users of the site enable the feature as it means that even if your password is compromised, that won’t be enough to allow hackers to hijack your account.

Bitdefender’s Alexandra Gheorghe has written a great guide on how to enabling two-factor authentication and two-step verification on a number of popular sites, including Twitter.

Frankly, if a site is offering you two-factor authentication to protect your account, and you don’t enable it… you’re asking for trouble.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

Add Comment

Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.