OurMine, a Saudi hacking crew, has hacked the CMS (Content Management System) used to manage the Variety.com website belonging to the eponymous American entertainment magazine.
The group gained access to one of the site editor’s user account credentials, accessed the backend panel, and from there they sent out a newsletter to all site subscribers that read “Hacked By #OurMine – Read The post!! [Important.]”
Variety acknowledges the incident
The incident took place on Saturday, and Variety’s staff acknowledged the incident right away, apologizing to users and email subscribers.
At no point was Variety.com down. The site’s staff said there’s no indication the group stole customer personal information during the short time they had access to the site.
Based on an image on the group’s official website, it appears the hackers hacked into the account of an editor named Susan Crabtree.
Password reuse is most likely at the heart of the hack, especially after several massive data breaches thrust over a billion user credentials, complete with passwords, on the public Internet.
Group also hacked TechCrunch
At the end of July this summer, the group also hacked tech news site TechCrunch and published a fake story titled “OurMine Team – Important Message!”
Just like Variety, the TechCrunch team acknowledged the incident right away. “The ‘hack’ appears to have involved using an account of a contributor to post this article on TechCrunch,” the TechCrunch staff wrote in July.
Password reuse was also blamed for that incident as well. OurMine didn’t bring the site down, nor did they steal any user data.
The group is known for carrying out harmless hacks that usually end up in simple defacements. This may also be the reason why Saudi officials aren’t rushing to apprehend the hackers, even if the crew has been doxed a couple of times until now.