Early Saturday morning the team that has been breaking into high-profile social media accounts managed to temporarily hijack Twitter accounts for the CEOs of Yahoo and Twitter. Despite repeated requests from Engadget, Twitter has not commented on the incident and Jack Dorsey has not tweeted about it. Twitter’s Trust & Info Security Officer Michael Coates did take time to refute a claim made by the OurMine hackers, after they posted a screenshot they claimed proves Vine has access to its users passwords.
We securely store our passwords per industry best practice (bcrypt).
— Michael Coates ஃ (@_mwc) July 9, 2016
According to Coates, on Vine “the admin site is restricted to Twitter IPs, is https, and never shows passwords in any form.” OurMine claims they only took it from Dorsey’s Dropbox, but as ZDNet points out, some of the info in the capture suggests it’s just a fake. We still don’t know exactly what hole the group used to tweet from @Jack, but check the post from Saturday for some tips on what you should do to be as secure as possible.