OurMine says they'll scan an entire company for $5,000 Credit: REUTERS/Dado Ruvic/Illustration On Saturday, Ezra Klein, the Editor-in-Chief (EIC) of Vox.com had his Twitter feed turned into a promotional tool for services provided by OurMine. In recent weeks, the group has taken credit for several social media hacks, with victims that include Silicon Valley and Hollywood elites.OurMine claims to be a security company, helping individuals and organizations secure their presence on the internet. However, they promote themselves by compromising the very social media channels they claim to protect.In reality, most real security professionals see the group as a collective of script kiddies, using recycled passwords to access an account and claim it as an exploit or sophisticated hack. Recent examples of the work/hacks OurMine has performed include the Twitter and Quora accounts Sundar Pichai, the CEO of Google, the Twitter account belonging to Mark Zuckerberg and the one used by his sister Randi, as well as accounts ran by YouTube star Markiplier, and actor Channing Tatum. Since June, OurMine has targeted Food Network star Ree Drummond, AOL Co-Founder Steve Case, Spotify Founder Daniel Ek, Vox Media staffer Matthew Yglesias, Amazon CTO Werner Vogels, Upfront Ventures’ Mark Suster, technologist Anil Dash, Uber CEO Travis Kalanick, and Sound Cloud founder Eric Wahlforss.In each case, most experts have speculated that OurMine used recycled credentials, collected via recently leaked account lists such as those from MySpace, LinkedIn, and Tumblr, to pull off their “testing”. OurMine actually promotes these public tests on their website, where they offer security scanning of social media accounts for $30, while a full website scan can run from $150 to $5,000. Oddly, they collect payment via PayPal, which usually frowns on criminal activities.Saturday’s attack against Vox Media’s EIC is just the latest example of the fallout stemming from this summer’s massive leak of social media credentials. While it isn’t clear if his credentials on Twitter were recycled, it fits the profile of the other incidents.The real concern is that if his Twitter accounts were recycled and discovered on one of the larger lists of leaked accounts, that could lead to a CMS compromise at Vox.At the time this post was written, Ezra Klein’s Twitter account was still compromised. Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe