A Hacker Group Hijacked Some Medium Blogs (Including Ours)
On Thursday morning, the hacker group known as “OurMine” hijacked several Medium blogs—including a Fortune contributors network. The group hit Wired’s Backchannel site and, we believe, a Bloomberg Tech blog, too.
Medium’s team took the sites down soon after being notified, eventually regaining control and restoring their content.
The hacker (or hackers) had taken over the Medium account of an employee on the blogging site’s strategic partnerships team, which works with publishers such as Fortune and Bloomberg, a person involved in the cleanup told Fortune. During the attack, OurMine used its access to do what it usually does: deface the sites, blast notices that they had been hacked, and claim to be “testing” security.
Get Data Sheet, Fortune’s technology newsletter.
“Hacked By OurMine ( Read – Important! ) – Hacked By OurMine ( Read – Important! ),” the group posted on Backchannel. A screenshot of the text captured in Google’s search engine cache following the takeover can be seen below.
“We’re temporarily offline—thanks for bearing with us while we sort things out!” Backchannel posted on Twitter in the interim. (This site and the others are now back online.)
The vandals did the same to a Fortune’s “insiders” blog, which is independent from the website you’re currently reading. “Hacked By OurMine,” the group wrote on the Medium page, changing the content of existing posts. “Hi, it’s OurMine don’t worry we are just testing your security,” the group said, before directing people to the its own website. (We do not recommend visiting their site.)
Fortune believes the hackers also targeted Bloomberg Tech’s Medium page. Like Fortune’s and Backchannel’s pages, Bloomberg’s homepage displayed a “404” error message shortly after the takeovers came to light. A Bloomberg spokesperson declined to comment.
In a statement provided to Fortune, Medium confirmed the hack. “This morning a group claiming to be OurMine gained access to a few publications that are hosted on Medium.com and made several changes to their content,” the company wrote. “We have stemmed all unauthorized access to these publications and halted the hack. We have reached out to all impacted publications to revert their sites to their previous state.”
According to a spokesperson from Backchannel, the OurMine vandals replaced the content of three stories and hacked the site’s homepage, resulting in the site being offline for about an hour.
A source familiar with the matter said Thursday’s incidents stemmed from OurMine hacking the Twitter (TWTR) account of a Medium administrator. The employee also used the Twitter account as a log-in mechanism for the online publication platform, which let the hacker access the publishers’ pages on Medium.
The hack of the employee’s Twitter account shows how using the login of one service to access another, while convenient, can increase the potential damage if the original account is hacked. Users can see which applications are linked to their Twitter account and selectively revoke access here. (Also, remember to protect your online accounts with long, strong, unique passwords and two-factor authentication.)
Learn about two-factor authentication here:
The group known as OurMine first emerged in 2016 and has earned a reputation as a nuisance hacker. It briefly took over the social media accounts of well known business people, including those of Twitter CEO Jack Dorsey, Facebook (FB) CEO Mark Zuckerberg, and Google (GOOG) CEO Sundar Pichai, but did little more than announce its name in its hacks.
The group has claimed its activity is a way to promote its security services, but many are skeptical. As a Wired profile on OurMine noted last fall, “those seeking a security audit should probably not engage a group of anonymous, lawbreaking Twitter-defacement artists.”
Thursday’s hacks are not the first time OurMine has targeted media outlets. Last year, the group hacked BuzzFeed in apparent retaliation for a story by the site that claimed to identify one of OurMine’s members as a Saudi teenager. OurMine also appears to have vandalized a network of YouTube channels last week.