Entertainment news site Variety was briefly taken over by the infamous hacker group OurMine, the same group responsible for infiltrating several high-profile figures' social media accounts and media outlets in recent months. On Saturday (3 September) the hacking collective managed to break into Variety's content management system at approximately 9 am PT and deface the LA-based publication's site with a post of their own claiming responsibility for the attack.
The group also flooded the site's email subscribers' inboxes with dozens of identical emails with the subject "Hacked By #OurMine - Read The post!! [IMPORTANT]"
In its latest attack, OurMine gained access to subscribers' email list and announced their success with their now standard message that they were "just testing your security".
Irked subscribers claimed to have received at least 15 emails with one reader saying they received an email "every five minutes for two hours". Another said they received over 50 emails, tweeting a screenshot of their inbox as proof.
"Hello Variety, it's #OurMine, don't worry we are just testing your security, please contact us on ourmine.org," the email reads.
Variety acknowledged the breach on its social media channels and issued a statement shortly after the intrusion.
"You may have received one or more emails from Variety with the subject line #OurMine," Variety wrote. "Variety did not send those emails; please ignore and delete them. We are working diligently to contain the matter and will update you when the issues have been resolved."
Claiming to be a white-hat security firm created to demonstrate the weak security habits of high-profile accounts and offer "security audits" to prevent similar hacks in the future, OurMine previously targeted Google's Sundar Pichai, Facebook founder Mark Zuckerberg, Twitter's Jack Dorsey, and most recently, Wikipedia founder Jimmy Wales. The group also breached and defaced the homepage of technology website TechCrunch in July.
One member of the purported three-member hacker group told IBTimes UK that they choose their targets at random to try and inform the public that nobody is safe online. Regarding its latest attack, the contact also said they actually didn't intend to inundate Variety subscribers' inboxes with dozens of copies of the same email.
"We were trying to just send one message to their subscribers, but I don't really know why it sent more than 30 messages," the OurMine member said. The member also claimed to have Variety's full database on WordPress, but said they would not leak it to anyone, pointing to a screengrab posted on their website as proof of the infiltration. The OurMine contact said the team is planning on targeting another Silicon Valley company in the near future.
Variety said they have launched an internal investigation into the breach focusing on the "possibility that the password of an employee linked to the content management system was likely compromised". The publication noted that Variety subscribers' personal information was not accessed in the breach.
"In contrast to many other hackers, OurMine doesn't typically attempt to shut down websites or abscond with data," Variety noted. "The anonymous group positions itself as cybersecurity outfit that raises awareness for its services by hacking into prominent people and brands."