Several executives in the tech industry and famous personalities in Hollywood have had their accounts compromised by a hacking group calling themselves OurMine who is claiming that they mean no harm.
OurMine was able to hack the accounts of Channing Tatum, Amazon CTO Werner Vogels, Spotify CEO Daniel Ek and the most recent being Google CEO Sundar Pichai. Unlike other hackers who deface the accounts of popular personalities, OurMine just tells people they are testing the security.
The group claims that they are only a three-person team doing all of the work. They said that they do not intend any harm to the accounts of the tech executives and personalities but they do want people to be aware of their security online.
One OurMine member told TechCrunch that they want to promote better security practices for everyone. When they hacked the Quora account of Sundar Pichai, they promoted their website to anyone who wants to "upgrade" their security.
The member said that they did not use the method of reusing the password from the recent data breaches and that they penetrated Quora's security. However, Quora issued a statement saying that they are confident that there was no vulnerability or exploit on their end.
OurMine also claims that they have submitted a report of the vulnerability they used to Quora. Again, the company announced that they have no record of any report from the hacking group.
Another member of the OurMine group told WIRED that they do not need money but they are selling their security services. On their website, the group offers a website scan for $1000 and a full company security audit for $5000.
When asked about why not just inform a company or an entity regarding a potential vulnerability in their systems, OurMine answered that they will just ignore their warnings and so they want to "prove" their point. The hacking group said that they did not do anything wrong as they did not change the passwords on the hacked accounts.
While the whole OurMine hacking group business seems shady, their actions do show that they just want to make everyone aware of online security. However, it is still not recommended to acquire of security audits from anonymous groups online.