Wikipedia’s Jimmy Wales didn’t die this weekend, despite what his hacked Twitter account said

Source: Wikipedia

This weekend saw what must have seemed like a distressing message to friends, family and followers of Wikipedia founder Jimmy Wales:

RIP Jimmy Wales 1966 — 2016 #RIPJimmyWales.

Had internet entrepreneur Jimmy Wales really died at the tragically young age of 50?

Fortunately, Jimbo’s 116,000 followers didn’t have to wait too long to realise that all might not be quite what it seemed, as the next grammar-failing tweet from @jimmy_wales proved:

I can confirm that Wikipedia is all lies
OurMine Team is the true

Attached to the second tweet was a link to the OurMine hacking group’s website.

Yes, as you have probably guessed, the notorious OurMine hacking gang managed to break into the Twitter account of Wikipedia’s Jimmy Wales, mischievously tweeted news of his “death”, and changed his profile to read “hacked by OurMine.”

The following day Wales tweeted that he had managed to regain control of his Twitter account:

I’m (obviously) OK, and tweeting back to normal.

So, what lessons can we learn from Jimmy Wales’s Twitter tussle?

Although OurMine isn’t in the habit of describing how it is hacking into accounts (they appear to be trying to drum up business for their security consultancy) it’s clear that many people – yes, even internet celebrities – are making basic errors with their internet security.

My top two tips to better secure your online accounts are to make sure that you are not reusing your passwords and to enable two-step verification where available.

If you make the mistake of reusing passwords then you are playing a dangerous game of online Russian Roulette. The risk you are taking is that if there is a data breach on one site (for instance, the massive password leak which happened at LinkedIn) then hackers will take those credentials and explore whether they can unlock your other online accounts.

For this reason you should always have hard-to-guess, hard-to-crack and – importantly – unique passwords for all of your accounts. If you find it difficult to remember dozens of different, complex passwords you’re not alone! The best way, I believe, to remember your strong passwords securely is to use a password manager.

The second tip of enabling two-step verification (sometimes delivered in a form called two-factor authentication) gives you additional security which means that any hacker would need *more* than just your password to break into your account. My hunch would be that Jimmy Wales did not have Twitter two-step verification enabled on his account, and this made the attack much easier for the OurMine hacking gang.

Wales is far from the first member of the tech community to have suffered at the hands of OurMine. This month alone it has hacked into accounts belonging to Vimeo’s founder, a Facebook VP, and Gawker founder Nick Denton (who hasn’t been having the best of times lately).

As we described last month on the Bitdefender Business Insights blog, OurMine broke into the popular TechCrunch news website after the password of one of the site’s many bloggers was compromised, and WikiLeaks was knocked offline in an ongoing feud between OurMine and Anonymous.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.
