It's never a dull day if you're working in HBO's IT security team. One day you're dealing with the unauthorised leaking of upcoming episodes of "Game of Thrones", next you're facing multi-million dollar extortion demands from hackers who've broken into your network and stolen 1.5 terabytes data and the personal contact details of your celebrity cast, then you're finding that yet more unaired episodes of your hit TV shows have made it out in the wild due to staff error. And now? Well, now HBO's social media accounts have been hacked. As Variety reports, the notorious OurMine gang seized control of a number of HBO social media accounts, including the main Twitter account for their most famous TV show.
Talk about kicking a company when it's down... Clearly HBO didn't have the right protection in place to secure its social media accounts, and made it too easy for the OurMine gang to gain access. Although some may think the spate of recent security incidents involving HBO can't be a coincidence, I don't believe that the OurMine gang is involved in the other breaches the company has suffered. OurMine's past hijacks of social media accounts have typically exploited organisations' carelessly reusing passwords or falling for phishing attacks. In light of the other problems that HBO has suffered in recent weeks it would be great to think that they had raised awareness amongst their staff of risks, and ensured that vulnerable properties (such as corporate Twitter and Facebook accounts) were locked down with two-step verification and (just in case) had had their passwords changed to new, strong, unique alternatives. Whatever the precise nature of how the hackers managed to get their hands on HBO's passwords – it seems unlikely that the company had enabled Facebook and Twitter's additional authentication facilities. Twitter calls its additional security measure “Login verifications”, and I strongly recommend that all users of the site enable the feature as it means that even if your password is compromised, that won't be enough to allow hackers to hijack your account. A similar feature is available to Facebook users to help defend their accounts against hackers. At least OurMine can consider itself in good company. As we've previously reported, past victims of social media hacking include Netflix and Facebook founder Mark Zuckerberg, who had some of his accounts compromised due to the combination of poor security practices and some disastrous password choices. Don't rest on your laurels. Take action today to secure your company's presence online and keep hackers out of your accounts. And if you ever do suffer a serious security breach, take time to think what else might be at risk and use the opportunity to raise awareness inside your organisation of the continuing risk of other assets being hacked, and take measures to prevent a bad situation from potentially getting worse. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc. Photo credit: "Balaclava" by Vlad is licensed under CC BY 2.0
