How Maine Mendoza became the unwilling poster girl for personal data security

This is an update to yesterday’s piece “YayaDub Got Hacked”. Since the original hack of Maine Mendoza’s Twitter account came to light at about 1 am on November 3, we have since learned more information, and some of it is pretty depressing.

Here is the chronology of events as we now know it:

  • Maine’s Yahoo email and Facebook accounts have been hacked as well, and she has been unable to access these up to this time.
  • At 3 am Tuesday, the hack was reported to Twitter.
  • At around 12 noon, Twitter informed TAPE that the account had been recovered. The hackers claimed they had “returned” the account to Maine, but this turned out to be false. It was actually recovered by Twitter officials.
  • At around 4 PM on Tuesday, Maine found out that her Instagram account was likewise inaccessible.

Remember that Maine’s ascent to fame has been largely due to her prowess at social media. She’s not the product of a traditional star making machine. Maine essentially created her public persona on the Internet, using her Internet accounts and skill in creating the Dubsmash videos that catapulted her to fame.

Now deny her access to those self same accounts – it’s like cutting off a piece of her soul. Definitely her internet identity has been stolen. Violated. Like a virtual rape. Reports have come our way that the poor girl was in tears yesterday. And it’s perfectly understandable.

As a social media savvy celeb with 2.4 Million Twitter followers. Maine was particularly vulnerable to the “Anonymous Philippines” attacks. And it’s not over yet. As of this writing,  she still does not have access to her Yahoo email address, which gives the hackers the ability to take over any account she’s created with that address. And since they took over her Facebook account, any other third party account created with that account via Facebook authentication can be hijacked as well.

As the experience of the recent Sony Hack on Hollywood showed, compromised emails can be the source of headaches for celebrities and private citizens alike. Hacked email accounts can contain more than just private correspondence, they can contain documents, contracts, personal photographs.

The Odd Hackers

The response of the hackers, who claim to be affiliated with Anonymous Philippines, is a little puzzling. On their Facebook page, they admit to hacking the Twitter account to obtain a platform for promoting their activities, but deny responsibility for everything else, defensively professing innocence to hijacking the other accounts. (Question: if they didn’t do it, who else had access to Maine’s Yahoo email account, which would be required to take over her Twitter account and change her password?) They even claim to be Aldub fans!

Anony

They also spend a lot of their time fending off barbs from irate Aldub Nation members. Devoid of articles on Edward Snowden, Wikileaks, global government conspiracies, or the global Anonymous movement in general, the local page is unlike any Anonymous page we’ve even seen.

A Wake Up Call, of sorts

With her fame and her millions of followers, Maine was a ripe target. But the sobering thing is, so are the rest of us. Consider this a wake up call to practice all the usual precautions that data security experts keep reminding us of.

Such as the importance of changing passwords often, or making use of additional layers of security like two factor authentication, which ties your account to your mobile number, and requires you to type in security PINs sent to your phone via SMS or through your apps’s notifications. Here’s how to turn on this feature in Twitter. 

As I write this, the hashtag “#WeGotYourBackMeng” is still trending on Twitter,. At the same time a large number of tweets are cautioning everyone to be more mindful about data security and make use of advanced features like two factor authentication. I have never seen so many ordinary folks talking about two factor authentication until now. PH-CERT would be pleased.

In a way we’ve all been affected by this hack. And we’ve all seen it as a wake up call. It may not be an appropriate time to give thanks, but thanks anyway, Maine. And we hope you come out of this dark cloud okay.

15161175750_2d0ae95e92_z
photo credit: Shaun Fisher / Flickr
3:15 pm Update: Maine’s Yahoo Email and Instagram accounts have been recovered. This was posted today by Carlo Ople of DM9 (TAPE’s agency):

And as of around 1 PM, Maine’s Facebook account was secured:

All attempts to regain access to the accounts were done directly by TAPE’s reps coordinating with the Internet companies. The Anonymous hackers were NOT involved.

Advertisements

2 thoughts on “How Maine Mendoza became the unwilling poster girl for personal data security

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s