How a Single Password Triggered the Business Insider Breach

By on

When it comes to cyberattacks, publicity is a magnet. But what happens when news publications themselves become targets? One of the biggest names in business publication, Business Insider, came under siege this week. The attack was yet another launched by the infamous OurMine, the cybercriminal group behind recent attacks on both Buzzfeed and Variety. But this time, they had accidental help from a Business Insider employee.

This employee wasn’t disgruntled, however, just negligent in terms of security. They aided the crooks with a simple mistake – reusing the same password across multiple sites. Someone with publishing privileges at Business Insider was said to have used that same password across multiple sites. This was OurMine’s easy way in. By discovering the password from other sources, it was easy to copy-paste it for entry into Business Insider’s publishing platform.

Once inside, crooks edited stories and pushed out a malicious ad that was spread across both Web and mobile versions of the publication. In typical fashion, OurMine posted on Business Insider, “Hey, don’t worry we are just testing your security, we didn’t change your password or anything. Visit our website for more information.” Of course, they added a link that went to their own website. This was basically an illegal advertisement of their security services.

With a pretentious air, OurMine has previously stated their hacks are merely attempts to teach us all security lessons. However, such a back-handed effort draws attention to Business Insider’s vulnerabilities as well as teaches us this — don’t reuse passwords, and watch out for potentially malicious ads.

How can you keep secure in light of events like these? Here are some tips to keep in mind:

  1. Double check before clicking on unfamiliar ads. It’s possible to evaluate the security of any link, before clicking. Many browsers have built-in safeguards, but you can never be too safe when surfing the Web. Double up with security solutions like McAfee WebAdvisor, which can scan Web pages for malicious links.
  2. Use unique passwords for every account. While the most basic step to account security is avoiding weak passwords (think “password1234”), it’s also imperative to differentiate them across your accounts. Need help remembering all of your long, strong passwords? A password management solution could really come in handy.
  3. Don’t believe noble claims by cybercriminals. Many cyber crooks are really just wolves in sheep’s clothing. It’s common for them to use tactics like social engineering to trick victims into visiting a dangerous site. Should you ever encountering bold claims from tech-savvy strangers — whether on websites, in texts, emails, or other channels — you should always have a careful eye. Go ahead, be skeptical.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

gary

Categories: Consumer Threat Notices
Tags: , ,

Leave a Comment

Similar articles

At the end of last year, a survey revealed that the most popular password was still “123456,” followed by “password.” These highly hackable choices are despite years of education around the importance of password security. So, what does this say about people who pick simple passwords? Most likely, they are shooting for a password that is ...
Read Blog
If you’re a gamer, you know how important virtual currency is. It allows you to purchase new costumes and weapons to personalize your avatar. But how does one go about gaining virtual currency? Players complete in-game challenges and are rewarded with coins to spend in their virtual world. These challenges can be pretty difficult and ...
Read Blog
Holiday stress. Every year, come November, my resting heart rate starts to rise: the festive season is approaching. Not only is there so much to do but there’s so much to spend money on. There are presents to purchase, feasts to prepare and party outfits to buy. Throw in a holiday to fill the long ...
Read Blog