Cyber Incident Victim: OurMine
Date: Aug 2017
Location: United States of America
Summary
The WikiLeaks website was compromised by the hacking group OurMine, which defaced its homepage with a message claiming to have breached the organization following a prior challenge. The message also criticized Anonymous for spreading false information about the group. The incident caused intermittent access disruptions, with some visitors encountering an account suspension notice instead of the usual content. OurMine, known for targeting high-profile tech executives and media outlets by exploiting reused or outdated credentials, had previously compromised accounts linked to the CEOs of Twitter and Google, as well as entertainment and news platforms like HBO, Variety, and BuzzFeed.
Description
On August 31, 2017, WikiLeaks' website homepage was altered to display a message attributed to the hacking group OurMine. The defacement appeared to visitors accessing the site from certain locations in the early morning hours, with the message stating: "Hi, it’s OurMine (Security Group), don’t worry we are just testing your…. blablablab, oh wait, this is not a security test! Wikileaks, remember when you challenged us to hack you?" The message further taunted the Anonymous collective, referencing alleged prior attempts to expose OurMine members using fabricated information. The hackers concluded by urging social media users to promote the hashtag #WikileaksHack. Concurrently, other visitors attempting to access WikiLeaks.org encountered an account suspension notice instead of the defaced content, indicating potential disruptions to the site’s availability or administrative controls. The incident marked a public breach of the prominent document-leaking organization, though the exact duration of the unauthorized access and the full technical scope of the compromise remained unspecified in available reports.

OurMine had established notoriety prior to this incident through high-profile attacks targeting technology executives and media entities. In 2016, the group compromised Twitter CEO Jack Dorsey’s Twitter account and Google CEO Sundar Pichai’s Quora profile. They later breached websites of Variety and BuzzFeed following articles purporting to expose group members. Earlier in August 2017, OurMine hijacked HBO’s social media accounts. The group frequently exploited reused or outdated passwords to gain unauthorized access, though the specific attack vector against WikiLeaks was not disclosed. WikiLeaks did not issue an immediate public statement regarding the hack or the suspension notice observed by some users. The incident underscored ongoing vulnerabilities affecting high-visibility online entities despite their prominence in security-related activities.
