Google CEO Sundar Pichai has become the latest victim of a hacking group called 'OurMine' after his Twitter-linked Quora account was temporarily compromised and filled with spam links.
The breach quickly became public after numerous posts surfaced on popular question-and-answer website Quora, and was also visible to Pichai's 508,000 Twitter followers as both accounts were linked.
The spam-like posts, which have since been removed, said: "Hey, it's OurMine, we are just testing your security." While they are now deleted, technology website The Next Web was able to screenshot the hackers' activities.
The 'OurMine' group, which claims to be a three-man operation, said it managed to breach Pichai's account by exploiting a previously unknown security flaw on the Quora website – however it did not elaborate what the loophole was. IBTimes UK contacted Quora for a statement but had received no reply at the time of publication.
Despite effectively hacking into the online accounts of many high profile celebrities, actors and musicians including Facebook CEO Mark Zuckerberg, former Twitter CEOs Dick Costolo and Ev Williams and Channing Tatum - the group purports to be a 'security firm'.
It has set up a website that displays a range of vulnerable scanning services and in a short statement said: "We are just testing people security (sic), we never change their passwords, we did it because there is (sic) other hackers can hack them and change everything."
One researcher traced an IP address used by the group to Saudi Arabia but it is likely the team is using Tor and a virtual private network (VPN) – both of which route internet traffic around the globe to hide the true location of a computer server.
It is believed that hackers are exploiting old credentials leaked from prior data dumps – including recent 'mega-breaches' at Myspace and LinkedIn – to find old passwords still in use by celebrities and well-known figures.
In the case of Zuckerberg, who had his old Twitter and Pinterest account targeted, the hackers taunted: "Hey @finkd we got access to your Twitter & Instagram & Pinterest, we are just testing your security, please DM us."
In the wake of the hacks, a Twitter spokesperson told the BBC: "A number of other online services have seen millions of passwords stolen in the past several weeks, and we know far too many people use the same password for multiple things online. We recommend people use a unique, strong password for Twitter."