Cyber Incident Victim: BuzzFeed Inc.
Date: Oct 2016
Location: United States of America
Summary
A prominent media outlet was compromised by the OurMine hacking group, which altered multiple articles and defaced content in retaliation for publishing what the group deemed false claims about its membership. The attackers asserted control over the website and replaced a story alleging a Saudi teenager's involvement; in its place they posted a warning threatening public release of the organization's database if further "fake news" was shared. OurMine, known for previous breaches targeting high-profile tech executives and gaming platforms, emphasized that it possessed sensitive data while denying any affiliation with the individual mentioned in the original report.
Description
On October 5, 2016, the hacking group OurMine compromised BuzzFeed's website by altering multiple published stories. This intrusion occurred approximately one day after BuzzFeed published an article alleging a Saudi teenager was responsible for hacks attributed to OurMine. The group replaced the content of BuzzFeed's article about them with a direct warning: "Hacked by OurMine team. Don't share fake news about us again, we have your database. next time it will be public. Don't f**k with OurMine again." OurMine explicitly stated the attack was retaliation for what they deemed false reporting about their affiliation with the teenager, whom they dismissed as "just a fan." Beyond modifying the article about themselves, the hackers altered several additional stories across BuzzFeed's platform. BuzzFeed subsequently took the compromised article about OurMine offline following the breach.

Before targeting BuzzFeed, OurMine had gained notoriety for compromising social media accounts of technology executives from Facebook, Google, Twitter, and Oculus. The group had also breached gaming servers, including those supporting Pokémon Go. Their BuzzFeed intrusion demonstrated both website access and content manipulation capabilities, with explicit threats to expose stolen database information if further "fake news" was published about them. No specific technical details regarding the attack vector or duration of unauthorized access were disclosed in available reporting. The incident highlighted operational tensions between media organizations and threat actors seeking to control narratives about their activities through direct digital retaliation.
