Hacking group OurMine has breached Vevo, a video hosting service, and has leaked files from the company's internal network. The hacker group, who has a reputation for defacing websites and social media accounts, said it leaked data from Vevo after one of its employees was disrespectful to an OurMine member on LinkedIn.
The leaked data was published on the hacker group's website late last night. It included links to six data troves, offering 3.12TB of data for download. Browsable from OurMine’s site, the data included Vevo’s private dossiers on 90 different artists, including Taylor Swift, Ariana Grande, One Direction and U2. Other documents included social-media strategy memos and instructions for disabling the office’s alarm system.
"We don't know how long they [the hackers] have been accessing the Vevo system or what additional data –financial, email, employee info – the attackers may have..." cautioned Terry Ray, CTO of data and application security company Imperva, in emailed comments. Attackers maximize opportunities for engagement by impersonating legitimate users or by fine-tuning profile fields and interactions to lure targets. Once socially engineered, a target's trust can be leveraged to extract personal information or deliver malicious payloads.
New York-based Vevo, which is jointly owned by Universal Music Group, Sony Music Entertainment, Warner Music Group, Abu Dhabi Media, and Google parent company Alphabet Inc., acknowledged the breach in an official statement, which revealed that OurMine's initial method of attack was a social engineering scheme perpetrated via social media.
Vevo spokesperson acknowledged the incident. "We can confirm that Vevo experienced a data breach as a result of a phishing scam via LinkedIn. We have addressed the issue and are investigating the extent of exposure," the company said. Vevo did not comment if the hacker group made any ransom demands. The mysterious disappearance of most of the leaked files might lead some people to believe Vevo might have caved in and paid, hence the reason why most of the files are gone.
Vevo joins a long string of companies compromised by OurMine, which typically uses high-profile targets to drum up interest in legitimate security products. OurMine has built quite the reputation in the past years by hacking social media accounts belonging to companies, celebrities, and CEOs. Last month, the group compromised both the WikiLeaks website and various HBO-linked social media accounts. Previous targets include Mark Zuckerberg, Sundar Pichai and Jack Dorsey.
The leaked data was published on the hacker group's website late last night. It included links to six data troves, offering 3.12TB of data for download. Browsable from OurMine’s site, the data included Vevo’s private dossiers on 90 different artists, including Taylor Swift, Ariana Grande, One Direction and U2. Other documents included social-media strategy memos and instructions for disabling the office’s alarm system.
New York-based Vevo, which is jointly owned by Universal Music Group, Sony Music Entertainment, Warner Music Group, Abu Dhabi Media, and Google parent company Alphabet Inc., acknowledged the breach in an official statement, which revealed that OurMine's initial method of attack was a social engineering scheme perpetrated via social media.
Vevo spokesperson acknowledged the incident. "We can confirm that Vevo experienced a data breach as a result of a phishing scam via LinkedIn. We have addressed the issue and are investigating the extent of exposure," the company said. Vevo did not comment if the hacker group made any ransom demands. The mysterious disappearance of most of the leaked files might lead some people to believe Vevo might have caved in and paid, hence the reason why most of the files are gone.
Vevo joins a long string of companies compromised by OurMine, which typically uses high-profile targets to drum up interest in legitimate security products. OurMine has built quite the reputation in the past years by hacking social media accounts belonging to companies, celebrities, and CEOs. Last month, the group compromised both the WikiLeaks website and various HBO-linked social media accounts. Previous targets include Mark Zuckerberg, Sundar Pichai and Jack Dorsey.
No comments:
Post a Comment