TechCrunch defaced by self-professed 'white hat' hackers
'Don't worry we never change your passwords.' Contact us!
Startup tech news blogger TechCrunch appears to have suffered a security breach by online graffiti vandals.
The site, which at the time of writing blogs about Google, AOL and various startups nobody's ever heard of before or since, appears to have had one of its bloggers' login credentials compromised.
You got pwned
Devin Coldewey, according to his profile page on the site, is a Seattle-based writer and photographer. It looks like his account was compromised – and it also appears he has publication privileges.
Hacking crew OurMine claimed responsibility for the breach, writing under Coldewey's login credentials: "Hello guys it’s OurMine Team, we are just testing TechCrunch Security , don’t worry we never change your passwords. please contact us," along with a URL to a blog claiming credit for a host of hacks in recent months.
OurMine calls itself "an elite hacker group" and goes on to claim: "We have no bad intentions and only care about the security and privacy of your accounts and network." The site also attempts to elicit payment via PayPal for various "services", including charging $1,000 to "scan website for any vulnerability".
TechCrunch even told Twitter they'd been hacked, albeit automagically
TechCrunch is hosted on WordPress.com, and the default login URL /wp-admin/ takes you straight to its main CMS login page.
/wp-admin/ is a well-known weak spot in the WordPress CMS, with many dubious scripts targeting that page for brute-force login attempts. The precise mechanism for the hack, however, is not known.
El Reg tweeted at TechCrunch to ask what happened but they haven't replied. The offending article has since been deleted. ®
Updated on Wednesday 27 July 2016 at 9am UTC to add: TechCrunch has since published a statement along with a story 'fessing up to having suffered "a hack by any other name". It admitted that a reused password was a factor in the pwnage and that "2-factor authentication" is, like, a good idea. The statement reads:
An unauthorized individual compromised the CMS account of one of our TechCrunch writers and used the account to post a story. This was an isolated instance and we have secured the account. There was no risk posed to our readers or their data.