This weekend saw what must have seemed like a distressing message to friends, family and followers of Wikipedia founder Jimmy Wales:
Had internet entrepreneur Jimmy Wales really died at the tragically young age of 50?
Fortunately, Jimbo’s 116,000 followers didn’t have to wait too long to realise that all might not be quite what it seemed, as the next grammar-failing tweet from @jimmy_wales proved:
I can confirm that Wikipedia is all lies
OurMine Team is the true
Attached to the second tweet was a link to the OurMine hacking group’s website.
Yes, as you have probably guessed, the notorious OurMine hacking gang managed to break into the Twitter account of Wikipedia’s Jimmy Wales, mischievously tweeted news of his “death”, and changed his profile to read “hacked by OurMine.”
The following day Wales tweeted that he had managed to regain control of his Twitter account:
I’m (obviously) OK, and tweeting back to normal.
So, what lessons can we learn from Jimmy Wales’s Twitter tussle?
Although OurMine isn’t in the habit of describing how it hacks into accounts (they appear to be trying to drum up business for their security consultancy), it’s clear that many people – yes, even internet celebrities – are making basic errors with their internet security.
My top two tips to better secure your online accounts are to make sure that you are not reusing your passwords and to enable two-step verification where available.
If you make the mistake of reusing passwords then you are playing a dangerous game of online Russian Roulette. The risk you are taking is that if there is a data breach on one site (for instance, the massive password leak which happened at LinkedIn) then hackers will take those credentials and explore whether they can unlock your other online accounts.
For this reason you should always have hard-to-guess, hard-to-crack and – importantly – unique passwords for all of your accounts. If you find it difficult to remember dozens of different, complex passwords you’re not alone! The best way, I believe, to remember your strong passwords securely is to use a password manager.
The second tip, enabling two-step verification (sometimes delivered in a form called two-factor authentication), gives you additional security, meaning that any hacker would need *more* than just your password to break into your account. My hunch would be that Jimmy Wales did not have Twitter two-step verification enabled on his account, and this made the attack much easier for the OurMine hacking gang.
Wales is far from the first member of the tech community to have suffered at the hands of OurMine. This month alone it has hacked into accounts belonging to Vimeo’s founder, a Facebook VP, and Gawker founder Nick Denton (who hasn’t been having the best of times lately).
As we described last month on the Bitdefender Business Insights blog, OurMine broke into the popular TechCrunch news website after the password of one of the site’s many bloggers was compromised, and WikiLeaks was knocked offline in an ongoing feud between OurMine and Anonymous.