Cyber Incident Victim: Business Insider
Date: Nov 2016
Location: United States of America
Summary
Business Insider's website was compromised by the hacking group OurMine through unauthorized access to an employee account with publishing privileges, facilitated by password reuse across multiple platforms. The attackers altered content on the U.S. version of the site, posted messages claiming the intrusion was a security test, and triggered push notifications to app users. The group, known for exploiting recycled credentials from historical breaches like LinkedIn and MySpace, previously targeted high-profile tech executives and media outlets through similar methods. This incident underscored vulnerabilities stemming from credential reuse despite prior warnings from security experts.
Description
On November 2, 2016, the Business Insider website’s U.S. edition was compromised by the hacking group OurMine. The attackers gained unauthorized access to the content management system, enabling them to edit multiple published stories on the site. OurMine publicly claimed the intrusion was a security test, emphasizing they did not alter account passwords. Business Insider detected the breach and issued a push notification to users of its mobile application, followed by a public apology displayed on the website acknowledging the disruption and assuring users that restoration efforts were underway. The compromise caused temporary service interruptions and forced the organization to dedicate resources to investigate the breach, revert unauthorized content changes, and implement corrective measures.

The intrusion stemmed from credential reuse by an employee with publishing privileges, who had employed the same password across multiple online platforms. OurMine exploited this vulnerability by leveraging credentials likely obtained from prior third-party data breaches, such as LinkedIn or MySpace leaks, consistent with their established tactics. This group had previously targeted high-profile individuals, including tech executives like Google’s Sundar Pichai and Twitter’s Jack Dorsey, and media entities such as BuzzFeed and Variety. The incident underscored operational risks associated with password reuse, particularly for accounts with elevated privileges. Business Insider conducted internal reviews to address the lapse, mandated password resets for affected accounts, and faced reputational impacts due to the public nature of the breach. The attack highlighted broader cybersecurity challenges tied to credential recycling across internet services.
