{
	"id": "e9396127-5d06-49db-8ade-65a7f1dedac4",
	"created_at": "2026-04-06T15:52:55.667889Z",
	"updated_at": "2026-04-10T13:12:07.70555Z",
	"deleted_at": null,
	"sha1_hash": "25f2e59ca7c7ecf71cb075068a076f2d42d575d8",
	"title": "A Hacker Group Hijacked Some Medium Blogs (Including Ours) | Fortune",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 213263,
	"plain_text": "A Hacker Group Hijacked Some Medium Blogs (Including Ours) |\r\nFortune\r\nBy Jeff John Roberts\r\nArchived: 2026-04-06 15:27:58 UTC\r\nOn Thursday morning, the hacker group known as “OurMine” hijacked several Medium blogs—including a\r\nFortune contributors network. The group hit Wired’s Backchannel site and, we believe, a Bloomberg Tech blog,\r\ntoo.\r\nMedium’s team took the sites down soon after being notified, eventually regaining control and restoring their\r\ncontent.\r\nThe hacker (or hackers) had taken over the Medium account of an employee on the blogging site’s strategic\r\npartnerships team, which works with publishers such as Fortune and Bloomberg, a person involved in the cleanup\r\ntold Fortune. During the attack, OurMine used its access to do what it usually does: deface the sites, blast notices\r\nthat they had been hacked, and claim to be “testing” security.\r\nGet Data Sheet, Fortune’s technology newsletter.\r\n“Hacked By OurMine ( Read – Important! ) – Hacked By OurMine ( Read – Important! ),” the group posted on\r\nBackchannel. A screenshot of the text captured in Google’s search engine cache following the takeover can be\r\nseen below.\r\n“We’re temporarily offline—thanks for bearing with us while we sort things out!” Backchannel posted on Twitter\r\nin the interim. (This site and the others are now back online.)\r\nhttps://fortune.com/2017/04/27/medium-ourmine-hack/\r\nPage 1 of 4\n\nThe vandals did the same to a Fortune’s “insiders” blog, which is independent from the website you’re currently\r\nreading. “Hacked By OurMine,” the group wrote on the Medium page, changing the content of existing posts.\r\n“Hi, it’s OurMine don’t worry we are just testing your security,” the group said, before directing people to the its\r\nown website. (We do not recommend visiting their site.)\r\nhttps://fortune.com/2017/04/27/medium-ourmine-hack/\r\nPage 2 of 4\n\nFortune believes the hackers also targeted Bloomberg Tech’s Medium page. Like Fortune’s and Backchannel’s\r\npages, Bloomberg’s homepage displayed a “404” error message shortly after the takeovers came to light. A\r\nBloomberg spokesperson declined to comment.\r\nIn a statement provided to Fortune, Medium confirmed the hack. “This morning a group claiming to be OurMine\r\ngained access to a few publications that are hosted on Medium.com and made several changes to their content,”\r\nthe company wrote. “We have stemmed all unauthorized access to these publications and halted the hack. We have\r\nreached out to all impacted publications to revert their sites to their previous state.”\r\nhttps://fortune.com/2017/04/27/medium-ourmine-hack/\r\nPage 3 of 4\n\nAccording to a spokesperson from Backchannel, the OurMine vandals replaced the content of three stories and\r\nhacked the site’s homepage, resulting in the site being offline for about an hour.\r\nA source familiar with the matter said Thursday’s incidents stemmed from OurMine hacking the Twitter (TWTR)\r\naccount of a Medium administrator. The employee also used the Twitter account as a log-in mechanism for the\r\nonline publication platform, which let the hacker access the publishers’ pages on Medium.\r\nThe hack of the employee’s Twitter account shows how using the login of one service to access another, while\r\nconvenient, can increase the potential damage if the original account is hacked. Users can see which applications\r\nare linked to their Twitter account and selectively revoke access here. (Also, remember to protect your online\r\naccounts with long, strong, unique passwords and two-factor authentication.)\r\nLearn about two-factor authentication here:\r\nThe group known as OurMine first emerged in 2016 and has earned a reputation as a nuisance hacker. It briefly\r\ntook over the social media accounts of well known business people, including those of Twitter CEO Jack Dorsey,\r\nFacebook (FB) CEO Mark Zuckerberg, and Google (GOOG) CEO Sundar Pichai, but did little more than\r\nannounce its name in its hacks.\r\nThe group has claimed its activity is a way to promote its security services, but many are skeptical. As a Wired\r\nprofile on OurMine noted last fall, “those seeking a security audit should probably not engage a group of\r\nanonymous, lawbreaking Twitter-defacement artists.”\r\nThursday’s hacks are not the first time OurMine has targeted media outlets. Last year, the group hacked BuzzFeed\r\nin apparent retaliation for a story by the site that claimed to identify one of OurMine’s members as a Saudi\r\nteenager. OurMine also appears to have vandalized a network of YouTube channels last week.\r\nSource: https://fortune.com/2017/04/27/medium-ourmine-hack/\r\nhttps://fortune.com/2017/04/27/medium-ourmine-hack/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://fortune.com/2017/04/27/medium-ourmine-hack/"
	],
	"report_names": [
		"medium-ourmine-hack"
	],
	"threat_actors": [
		{
			"id": "e4ccfe5c-4d77-4503-bf1c-36076dbd78d0",
			"created_at": "2022-10-25T16:07:24.522697Z",
			"updated_at": "2026-04-10T02:00:05.02215Z",
			"deleted_at": null,
			"main_name": "OurMine",
			"aliases": [
				"ATK 128",
				"TAG-HA10"
			],
			"source_name": "ETDA:OurMine",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "74f1da67-5bc9-49ee-ba8e-b7e8b452a2c2",
			"created_at": "2023-01-06T13:46:39.021238Z",
			"updated_at": "2026-04-10T02:00:03.183989Z",
			"deleted_at": null,
			"main_name": "OurMine",
			"aliases": [],
			"source_name": "MISPGALAXY:OurMine",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775490775,
	"ts_updated_at": 1775826727,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/25f2e59ca7c7ecf71cb075068a076f2d42d575d8.pdf",
		"text": "https://archive.orkl.eu/25f2e59ca7c7ecf71cb075068a076f2d42d575d8.txt",
		"img": "https://archive.orkl.eu/25f2e59ca7c7ecf71cb075068a076f2d42d575d8.jpg"
	}
}