Cyber Incident Victim: Variety

On September 3, 2016, at approximately 9:00 AM Pacific Time, the hacker group OurMine breached the content management system of entertainment news outlet Variety. The attackers defaced the publication’s website with a post claiming responsibility for the intrusion. Concurrently, they exploited Variety’s email distribution systems to spam subscribers with dozens of identical messages bearing the subject line "Hacked By #OurMine - Read The post!! [IMPORTANT]." The emails contained the text: "Hello Variety, it's #OurMine, don't worry we are just testing your security, please contact us on ourmine.org." Subscribers reported receiving between 15 to over 50 emails within a two-hour period, with some noting messages arrived every five minutes. This mass email blast caused immediate disruption and confusion among recipients.

Variety acknowledged the breach through its social media channels shortly after detection, advising subscribers to ignore and delete the fraudulent emails. The publication issued a statement confirming unauthorized access to their systems and emphasized ongoing efforts to contain the incident. OurMine, a group self-identifying as a white-hat security firm, claimed the attack was intended to demonstrate security vulnerabilities and stated they had accessed Variety’s WordPress database but would not leak it. They attributed the excessive email volume to an unintended technical glitch rather than deliberate spamming. Variety later indicated the compromise likely originated from a breached employee password tied to their CMS. No subscriber personal information was affected. The incident followed OurMine’s prior targeting of high-profile figures like Mark Zuckerberg and entities including TechCrunch, with the group asserting they selected victims randomly to highlight universal cybersecurity risks. Service restoration timelines were not disclosed in available sources.