The OurMine hacking group claimed yet another corporate scalp this weekend – seizing control over the Twitter and Facebook accounts of Sony’s PlayStation Network (PSN).
The group, which just last week managed to hijack HBO’s Facebook and Twitter accounts, claimed in a series of tweets that it had gained access to the PlayStation Network’s database, and encouraged Sony to get in touch to receive – one presumes – some advice on how to better protect their online accounts.
What would that advice be?
Well, my guess is that it comes down to a few different things.
One is that everyone – including big businesses and popular brands – should protect their social media accounts with the additional security features that are available to them. These include enabling two-step verification (Bitdefender has described how to do this for Twitter, Facebook, Google and other sites here) so that even if a malicious hacker manages to determine your account’s password it won’t be enough for them to log into your account.
Other important advice includes remembering to never reuse passwords on different accounts, always use strong, long, hard-to-crack passwords, and to raise awareness amongst staff of the tricks that scammers can use to phish passwords from unwary employees.
In the case of this latest Sony hack, however, it’s possible that the problem lay not with the security of the social media accounts themselves – but instead the management tool being used by Sony’s social media team.
International Business Times reports that OurMine claim to have broken into Sony’s accounts after breaching the company’s Sprout Social management account.
Social media management software like Sprout Social allows a number of employees to share access to corporate Facebook and Twitter accounts, but it’s clearly important that the management software is also properly secured.
Spout Social accounts can be protected with two-step verification, but – if OurMine’s claims are true – it seems possible that Sony was not taking advantage of the feature.
At the time of writing, Sony appears to have regained control of the hijacked accounts and erased the unauthorised posts.
But what of OurMine’s claims to have stolen Sony’s PSN database? So far, there doesn’t seem to be any evidence that a breach of the PlayStation Network’s database has occurred, which will – of course – be a relief to its millions of users. And it should be borne in mind that there is a big difference between taking over some poorly-defended social media accounts and seizing highly sensitive data about customers.
Nonetheless, claims of a PlayStation Network hack will send a shiver down the spines of long-term users who may remember the serious security breach in 2011 which exposed millions of details.