Twitter and Facebook are investigating after several NFL team social media accounts were compromised earlier this week. The accounts include both Super Bowl participants, the San Francisco 49ers and the Kansas City Chiefs, as well as 13 others. Some of the hacked accounts posted messages claiming to be from the hackers. OurMine, a hacking group, claimed responsibility, but it has not been confirmed if they were the source.
The hackers told The Daily Dot that they accessed the accounts through a third-party social media management platform. OurMine suggested their goal was to illustrate that internet security was “still low” and needed improvement. OurMine stated it reached out to the NFL to help secure its accounts by offering its services but did not receive a response. The hacking group deems itself a “white hat” group because they conduct their operations with the intention to demonstrate necessary security improvements. The Green Bay Packers Twitter account stated, “Hi, we’re Back (OurMine). We are here to Show people that everything is hackable.” OurMine has a history of hacking Silicon Valley executives, including the CEOs of Twitter and Google.
“As soon as we were made aware of the issue, we locked the compromised accounts and are working closely with our partners at the NFL to restore them,” Twitter stated.
“We continue to work diligently with the teams, which have resumed normal operations,” the NFL said. “The NFL and teams are cooperating with its social media platform providers and law enforcement.”
Jim Zuffoletti, CEO of Safeguard Cyber, told The Washington Post that social media is often a security blind spot for organizations. “Know what assets you’ve got, don’t forget the basics like two-factor and think about this as part of your perimeter and do something about it.”
The incident highlighted the potential for the spread of misinformation. The Chicago Bears account tweeted that the team had been sold to a Saudi official and that it was trading a valuable player for $1.
As of this writing, no legal action has been taken against OurMine.