How OurMine Found Pokemon, and Why They Were Looking

We’re never surprised when we hear that OurMine has been up to no good. They’ve proved their abilities with high-profile cyber attacks: Mark Zuckerberg, Jack Dorsey, Travis Kalanick, and even Techcrunch themselves!


Since hacking Techcrunch on July 26, OurMine has pulled yet another act of destruct: they’ve hacked John Hanke’s Twitter account.

Why We Appreciate OurMine — READ NOW!

John Hanke, CEO of Niantic, aka Creator of Pokemon Go (App)


On July 31st, a series of Tweets were posted to Hanke’s account, which boasts 16,000 followers — and somehow, OurMine got hold of his password “nopass”(really?! You’d think people would learn from others’ mistakes), which they declared (in a tweet) was too easy. At this point, we’re not quite sure how they figured it out…even if it was easy.

OurMine’s Incentives: Be Cyber Aware

Well known for their attacks on social networks and bigwig accounts therein, OurMine often claims (as they did with the TechCrunch hack) that their goal is to boost cyber awareness.

And, as per OurMine’s wishes, their Pokemon-based hack did indeed trigger reactions on Twitter feeds, such as:


The Importance of Password Protection

Thanks to images like these that people tweet, society is indeed becoming more aware of the need to take precautionary measures against cybersecurity, especially when it comes to secure passwords that are less susceptible to hacking activity.

This is evident in events like “National Cyber Security Awareness”, which happens every October, and advocates initiatives like password management — which prevent incidents like John Hanke’s Twitter fiasco.

But Niantic falling victim to cyber crime (on Hanke’s behalf) is only one example of its vulnerabilities that hackers can tap into, among many others which warrant explicit cyber awareness on behalf of organizations and end users alike.  

What many don’t realize is that Niantic’s cyber resilience is not only jeopardized by weak passwords on social media, but to other privacy weaknesses that are caused by the company’s unique intellectual property system.

When Privacy is Weak, Cybersecurity is, too

Niantic’s Pokemon Go app actually has considerably weak privacy terms; in their current state, the app’s terms and conditions give Niantic the right to pass on user data to third parties. This is a particularly heightened risk because of the game’s inherent amount of location tracking that can connect with every user’s Google account.

But the Federation of German Consumer Organizations (VZBZ) have taken this topic one step further — who threatened Niantic Labs with a legal warning against its user terms and privacy policy, which will result in a lawsuit between the two parties unless 15 clauses in the terms are changed by August 9, 2016.

[Read Now: How Privacy Regulations Can Threaten Cybersecurity]

User Privacy Terms that Hackers Long For

Because their current policies give Niantic the right to pass on user data to third parties at the company’s discretion, once a cyber criminal gets muddled into the app’s servers or internal system, he can go wild with user data that are highly sensitive, even governments are willing to fight for their confidentiality.

Finally, despite their upper hand in the cyber realm, OurMine hasn’t tackled all the pillars in cyber awareness that Pokemon Go points to.

True, secure passwords are crucial to everybody and anybody’s cyber posture, but the relationship between privacy and cybersecurity is a constantly evolving dynamic that only gets wider with time.

Uncover your compromised credentials from the deep and dark web

Fill in your business email to start