Cyber Incident Victim: National Geographic
Date: Dec 2016
Location: United States of America
Summary
The OurMine hacking group compromised the Twitter account of National Geographic Photography, posting messages to its 2.71 million followers claiming to test security and requesting contact from an individual named "Hannah." The attackers utilized credentials likely exposed through prior LinkedIn and MySpace data breaches, consistent with their history of targeting high-profile social media accounts, including those of Netflix, Marvel Entertainment, and tech executives. While the organization regained control of the account shortly after the incident, the breach highlighted vulnerabilities to credential-based attacks. OurMine, known for such intrusions, publicly stated intentions to transition into a security services provider offering protection against cyber threats.
Description
On December 31, 2016, the OurMine hacking group compromised the verified Twitter account of Nat Geo Photography, which had approximately 2.71 million followers at the time of the incident. The attackers gained control of the account for approximately one hour, during which they posted three unauthorized tweets. The first tweet followed their established pattern, stating, “Hey, it’s OurMine, we are just testing your security, please contact us for more information.” Subsequent tweets directly addressed an individual named “Hannah,” demanding contact with the messages “Hannah, just contact us we will stop tweeting” and “Hannah, just contact us.” While the article speculates Hannah may have been responsible for managing the account, no definitive confirmation of her role or identity was provided. The account was restored to legitimate control by the time the reporting article was published, though the exact recovery method and timeline were not detailed. No additional technical details about the intrusion vector were disclosed in the source material.

The incident aligned with OurMine’s documented modus operandi of leveraging credentials exposed in historical LinkedIn and MySpace data breaches to compromise high-profile social media accounts. Prior to the Nat Geo Photography breach, the group had executed similar takeovers of Netflix US and Marvel Entertainment Twitter accounts the preceding week. OurMine’s broader campaign included compromises of accounts belonging to prominent technology executives such as Google CEO Sundar Pichai, Facebook’s Mark Zuckerberg, and Twitter founder Jack Dorsey. The group publicly stated an objective to transition into a legitimate cybersecurity services provider offering protection against third-party attacks, though no operational business entity was confirmed in the source material. The hack caused temporary disruption to Nat Geo Photography’s official communications channel but did not result in reported data exposure or secondary account compromises based on available evidence.
