The cybercriminal group OurMine hacked 15 Twitter accounts of the U.S. National Football League (NFL) teams including NFL’s handle and posted a message, “Hi, we’re back. We are here to show people that everything is hackable.”
Exact details of the account hijacking remained unclear, however, the majority of the tweets posted by the OurMine operators on the hijacked accounts came from Khoros. It is a web-based third-party application used by the organization’s digital marketing and public relations departments to manage their social media accounts and gain useful insights into public engagements across different platforms.
As per ZDNet, along with Twitter, the OurMine group also managed to hack some of NFL Teams’ Facebook and Instagram accounts including:
- NFL (Twitter account)
- Arizona Cardinals (Twitter account)
- Buffalo Bills (Instagram and Facebook accounts)
- Chicago Bears (Twitter account)
- Cleveland Browns (Twitter account)
- Dallas Cowboys (Twitter, Facebook, and Instagram accounts)
- Denver Broncos (Twitter account)
- Green Bay Packers (Twitter account)
- Houston Texans (Twitter account)
- Indianapolis Colts (Twitter account)
- Kansas City Chiefs (Twitter account)
- New York Giants (Twitter account)
- Minnesota Vikings (Instagram account)
- Philadelphia Eagles (Twitter account)
- San Francisco 49ers (Twitter account)
- Tampa Bay Buccaneers (Twitter account)
OurMine’s Hacking History
This is not the first time that the OurMine group has hacked the social media accounts of known personalities and teams. In 2017, OurMine operators hacked Twitter handles of Futbol Club Barcelona and Real Madrid Club de Futbol. The hackers sent out tweets from Real Madrid Club de Futbol’s Twitter account in English and Spanish, which announced the joining of major rival player Lionel Messi. They also posted video footage from an earlier match which showed Messi scoring for Barcelona against Real Madrid. The tweets were visible for almost 90 minutes on the football club’s handle but were later removed. The welcoming post of Messi had grabbed the attention of the fans by then, as the tweet received almost 2,800 likes and 3,100 retweets.
Other victims in this list include Wikipedia co-founder Jimmy Wales, Facebook co-founder Mark Zuckerberg, Google CEO Sundar Pichai, as well as organizations such as Buzzfeed. The group also breached the social media accounts of the home media giant, HBO. OurMine claims that the cybersecurity breaches are done by them to expose weaknesses in the victim’s system and promote its own cybersecurity services.