Sundar Pichai isn’t going to have a happy start to his week. The CEO of Google’s Quora account appears to have been hacked by a group called OurMine, which previously broke into Facebook boss Mark Zuckerberg’s Twitter and Pinterest accounts earlier this month.
The three-man hacker outfit has been posting messages on Quora through Pichai’s account; it’s also connected to his Twitter account and as a result, OurMine was able to publicize their hack to all 508,000 of his followers. The tweets have now been removed, but we’ve got a screenshot.
OurMine has been targeting major tech execs of late, including Spotify’s Daniel Ek. It isn’t clear how the group is gaining access to their accounts, but it likely doesn’t involve system breaches of the social networks their targets have accounts with.
Instead, the group claims that it uses various exploits to pull passwords from celebrities’ browsers.
OurMine is attempting to rebrand itself as a ‘security firm‘ and offering its support to those it targets so that these incidents don’t occur again. It’s probably not the best way to garner your potential customers’ trust, but that’s the way OurMine seems to enjoy doing business.
We’ve contacted Google, Quora and OurMine for comment and will update this post if there’s a response.
Update: OurMine told TNW that it was only conducting a test:
“We are just testing people security (sic), we never change their passwords, we did it because there is other hackers can hack them and change everything.”
The group also noted that it managed to break into Pichai’s account by exploiting a vulnerability in Quora’s platform – one that it claims to have reported to the company, with no response.
Naturally, if you’re on Quora, you’ll want to change your password right away and make sure it isn’t the same as what you for other services.
Update II: Quora told TNW in a statement that it doesn’t believe a vulnerability on its platform led to Pichai’s account being broken into:
We are confident that Sundar Pichai’s account was not accessed via a vulnerability in Quora’s systems. This is consistent with past reports where OurMine exploited previous password leaks on other services to gain access to accounts on Twitter or Facebook. We also have no record of a report by OurMine pointing to a vulnerability. We recommend that people use unique passwords for accounts on different services, so that a security breach on one service does not lead to attackers gaining access to accounts on other services. Safeguarding our users is very important to us, which makes security at Quora one of our highest priorities.