Hamid Mir’s twitter account, which has over 1.6 million followers, has been reportedly hacked by an unknown hacker just moments ago. The hacker, without identifying him/herself, leaked Hamid Mir’s private emails online, however, we could not confirm if these emails indeed belonged to Hamid Mir or not.
From the look of things, its more than just the Twitter account that was compromised as some tweets include bank statements and email excerpts from his official email ID as well.
Update:
Hamir Mir, while speaking to a Dawn News show, confirmed that his Twitter account was hacked. “Since my iPhone was linked with Twitter, hence my phone got blocked too”, said Hamid Mir.
Mir said that emails shared by hacker are probably from last year, but since he hasn’t gone through all the email screen-shots himself, he wouldn’t say with certainty about the legitimacy of email contents.
Without naming anyone, Hamid said that mastermind before this hacking incident is evident from tweets. “From the content of tweets its apparent who is behind the works, but since I don’t have any evidence I would rather not make a sweeping statement”, said Mr. Mir.
At the time of writing, tweets are still up but we’re posting screenshots just in case the account is recovered and they are deleted:
We honestly don’t understand why people refuse to enable two step verification for their social media accounts, especially when there’s a lot on stake for professionals like Hamid Mir.
As mentioned above, legitimacy of emails leaked on hacked Hamid Mir’s Twitter account is yet to be verified. Nonetheless, this is very scary and implications of this hacks are going to be huge.
Hopefully Mir and other prominent personalities on Twitter have learned their lesson.
You can check out Hamid Mir’s Twitter account here.
Update
Hamid Mir — after 12 hours of loosing control over his account — gotback the access to his Twitter account, and as you would expect all above tweets have been deleted.
Hamid Mir’s account remained under hacker’s control for around 10 hours which is beyond common comprehension.
Not to mention, account never went into suspended mode, something that Twitter does for accounts that are reported for hacks.
Mr. Mir — in an interview with Dawn News — said that restoration of his access to his account is taking time because its night time in the USA.
ohh boy !!!
cha gya hacker, kya allaw tweet kiay hein, love u yar
Thats a real breaking news of today and loved it too! ;)
Oh my God ! These emails seem to be real :o
Good job on the watermarking there -_-
Hamid Mir is one of Mir Jafar and Mir Sadiq, he’s a traitor of this country.
Don’t say it until you are authorized to announce traitors.
Oh please. Two-factor authentication is not a fool-proof method to save yourself from hacks. There are many brilliant hackers in the world (especially from Iran) who can now hack your google account enabled with two-factor authentication. It’s just a precaution!
And Hamid Mir is a professional? lolololo..
brilliant hackers in Iran you say? I will make fun of you another day. For now, read:
http://betanews.com/2015/12/02/popular-free-mail-services-still-use-vulnerable-versions-of-ssl/
I think an unpopular Google powered engine was used to find vulnerable targets in Geo’s network.
You can keep your laughs in your little brain. And here is something for you: Irani hackers bypassing Google 2 factor security in real-time (https://citizenlab.org/2015/08/iran_two_factor_phishing/)
People around the world tweak with things, they don’t just scroll through internet to spray empty sarcasm.
That attack requires the user to enter something (the 2FA code). It won’t work if the user uses HOTP/TOTP authenticators instead of SMS. If the user is careful, then 2FA will keep him/her safe.
There is no way to bypass 2FA at present.
Gmail and Google Authenticator already uses HOTP/TOTP authenticators. (http://security.stackexchange.com/questions/35157/how-does-google-authenticator-work)
Still isn’t helpful for prevention from the creative guys. ;)
see? a little brain is more proficient at tech than all Iranian brain cells combined. Those who tweak with things live outside Iran. You just fail to exit the cave you have been living in. Honestly, coons like you should be kicked back into Iran. We are better off without you. Have met many shia but you are first hardliner fanboy zealot ive come across.
Wooah what’s up with the Hate Speech dude? How many glasses of hate do you drink each day??
Did I say I’m shia? Is my religion even under discussion here? If your personal problems with Iran (or shias) are burning a fire under your hole then why are you showing so much of that insecurity here in the public??
Keep your Mullah Hate Speech to yourself, because no one is interested in it here. At least in IT articles.
excerpt from the same article you are so impressed from
Attacks on 2FA: Nothing New Under the Sun
As researchers have observed for at least a decade, a range of attacks are available against 2FA. Bruce Schneier anticipated in 2005,
for example, that attackers would develop real time attacks using both
man-in-the-middle attacks, and attacks against devices. The“real time”
phishing against 2FA that Schneier anticipated were reported at least 9 years ago.
Today, researchers regularly point out the rise of “real-time” 2FA phishing, much of it in the context of online fraud.
gushes of laughs at inept old school fraudsters and criminals and their lackeys and pimps. Thats not hacking kid. Its fraud attempt and an ordinary crime. I am amazed at your inflated ego. Phishing is your brilliance in hacking..haha man yeah right. You praise only what your narrow exposure limits you to. Phew..
>Two-factor authentication is not a fool-proof method to save yourself from hacks.
Locking the door is not foolproof. Leave the door open and let anyone come in.
>There are many brilliant hackers in the world (especially from Iran) who
can now hack your google account enabled with two-factor
authentication.
There is no magic involved. If something is being done then it is because of an exploit or social engineering. An exploit is highly highly unlikely when it comes to Google accounts. Social engineering is always possible. But that does not make them brilliant hackers. Just conmen.
Whoaww brakes to the hostility dude! Relax. Ignoring your baseless door analogy, if you try to read closely, I mentioned It’s just a precaution.
And you can use words what you want. I appreciate the execution of a skill on such a massive scale. I call it brilliant, you can call it con, I could care less. Looks like you got burned more by the word: ‘Irani’. :P
what if hacker is form goog… who knows…!!
Kon itna wela hai Google mein jo Hamid Mir ko hack krny ka sochy ga bhi :P
Looks like Geo is using Microsoft Exchange server for their emails and HM’s email account was hacked. Which in turn lead to twitter hack.
But whoever hacked it must have gotten all his emails .. It be interested to see what comes next.
desi leaks… from wiki leaks… lol
Nope, the twitter account was the one that got hacked by brute force method. The hacker got access to his private email because it had the same password as the twitter account.
Lol this is classic, not sure if you are privy to the actual incident but sounds totally legit
Because it is? Are you need to this?
Try brute-forcing your twitter/facebook account! Try inputting password for more than 5 times. Then tell me what happened and we’ll laugh together.
Not if you use a different IP each time. Look up how The Fappening happened, when hackers gained access to millions of celebrity iCloud accounts using brute force method.
Hate to burst your bubble but, Inam is right on this. Brute force doesn’t work on this unless you bypass interface’s password-retry count constraints and gain direct access to the password database.
You can try using this method by constantly changing IP addresses. Twitter will lock subject account after maximum password retries reached.
As for the fappening hack, read this.
“Apple’s iCloud investigation concluded actresses accounts had been accessed due to weak passwords and phishing attempts.”
I’m assuming you know that phishing and brute force is not the same thing.
As already mentioned by Umair A. Shahid, constant IP change will do no good. They will lock the ACCOUNT itself, whether you change 100k IPs per second it’d be of no use.
Poor Mir sahb..
now try Hassan Nissar too….waiting
حامد میر کا جیو ٹی وی سے عائب ہونا۔۔۔۔ اور کافی دنوں سے میڈیا میں نہ آنا اور اب ان کا اکاونٹ ہیک ہوجانا۔۔۔۔۔۔ کئی سوالات کو جنم لیتا ہے۔۔۔۔۔ ☻
Well Mir sb have a quality that he always have to keep himself alive in the media, therefore he needs some stunts. I guess it’s one of those.
Buht Alaaaaaaaaaaaa
Restoration of his access to his account is taking time because its night time in the USA.
Seems all planned… and more likely if you analyze the data that is leaked. Its all Hamid Mir’s own doing… Good Job Hamid Mir on playing the “My account was hacked” game.
What you’ve linked to up above is just a sophisticated phishing attack. The only difference is they’ve added an extra page for the authenticator.
I repeat: 2FA is not broken. There is no technical attack against a properly implemented 2FA system (which Facebook, Google, Twitter and others offer) right now, and almost all attackers will be thwarted by it.
I got your point. Though I didn’t mention they were using a fake front, I understood the process but didn’t thought over the real 2FA itself. Thanks for correction. ;-) I’m going to edit my original comment.
bohat ala larkayyy :p