Facebook’s Corporate Social Media Accounts Were Hacked by ‘OurMine’

Last updated September 28, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist
Source: OurMine

Hackers have managed to hack Facebook’s accounts on Twitter and posted the following message for 13.4 million followers to see: “Hi, we are OurMine. Well, even Facebook is hackable, but at least their security better than Twitter. To improve your account's security, contact us at “[email protected]”. For security services, visit “ourmine[.]org”. So, there you have it. Hackers did what they did to promote their security and protection services and to also mock Twitter on its apparently atrocious security. The account takeover lasted only 30 minutes, and Facebook tweeted the following when they gained back control.

The “OurMine” group of hackers is of Saudi descent, and they have demonstrated their capacity to hack Twitter accounts again in the past like when they targeted the head of Sony Studios for example. More recently, they compromised the social media accounts of 16 NFL teams. This time though, they didn’t stop at Twitter, as they also took over Facebook’s social media accounts on Instagram too. The group has used leaked credentials which they acquired from the dark web in the past, but this time, it is believed that they used password resets to gain control of the target accounts.

In fact, it was neither Twitter nor Facebook that were compromised this time, but Khoros, an online community, and social media management software firm. Facebook was using Khoros to manage their social media accounts, so they were compromised indirectly. This goes to show how the addition of steps and tools can introduce new risks for account holders, and while these tools offer convenience, they can result in embarrassing hacks. While Khoros is responsible for what happened, the negative publicity goes first to Twitter and secondly to Facebook.

OurMine always urges their victims to pay more attention to security, and shame Twitter for its lack of proper protection measures. They say that their goal is to make a statement and not to irreversibly steal the target account from its rightful owner. As they point out, hacking the social media accounts of celebrities and known entities like the NFL teams is a lot easier than targeting an unknown person, simply because they have easier access to the real names, email addresses, and phone numbers of eponymous users.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: