The OurMine hackers are back in the news again. This time the group hacked and defaced the official domain of Unity 3D Forums leaving a deface page along with a note over the weekend.
The hack which took place on 30th April allowed the Saudi Arabia-based OurMine hacking group to compromise the forum’s security and leave a note stating “Hacked by OurMine! Your Security is low.”
Unity 3D administrators have acknowledged the hack but stated that no password was stolen in the attack and that the 2FA Authentication will be introduced to the forums for better security. Furthermore, the administrators are also planning to bring Device Identification and Password Policy on the forums. According to the official statement from Unity 3D:
On April 30, our public forum website was attacked and successfully compromised due to poorly implemented password routines; our investigations show no theft of passwords in this attack, nor impact to any other Unity service. However, the attack did result in defacement of the site (which has since been fixed) and subsequent messaging to all of our registered forum users.”
One of the team members from Unity stated on Reddit that:
“Hi everyone, Unity employee here! I just wanted to chime in to let you know that our team is working vigilantly to get to the bottom of the incident, we will update you all as soon as we can.”
After the hack, the Unity 3D forums was down for maintenance though at the time of publishing this article the forums were online and reachable. However, if you have an account on Unity 3D forums it is advised that you change your password.
Just in case if you are not familiar with the OurMine then this is the same group who conducted the biggest hack in YouTube’s history last month by taking over hundreds of popular YouTube accounts and defacing their titles with #OurMine signature. The same group was in the news for hacking Google’s CEO Sundar Pichai, Facebook’s CEO Mark Zuckerberg, Co-founder of Twitter Jack Dorsey and several other top media celebrities and news outlets.
It is unclear how OurMine hacks its victims but researchers believe that the group uses passwords stolen from previous data breaches including LinkedIn and MySpace. The group is also working on establishing itself as an IT security firm to help companies against cyber attacks, however, it is unclear whether such tactics will give them clients or scare them away.