A Saudi hacker group has mass-defaced the social media accounts of the NFL and 15 of its teams. The defacements were claimed by a group of hackers going by the name of OurMine.
The hacks, which occurred during the media-busy Super Bowl week, have been confirmed by multiple sources, as follows:
looks like Vikings insta account got hacked #ourmine pic.twitter.com/sM1VI25Igl
— M (@TheSacredChurro) January 27, 2020
No football today, but it’s still fun seeing the @ChicagoBears take an L. pic.twitter.com/FDieRI4yga
— Andy Herman (@AndyHermanNFL) January 26, 2020
The #Cowboys, #Broncos and #Texans got hacked as well.
— Dov Kleiman (@NFL_DovKleiman) January 27, 2020
The Cowboys, like the Bills and others, were also hacked on @instagram pic.twitter.com/X7osJLvqjo
Exact details of how the defacements took place are currently unclear. However, a large portion of the tweets posted by the OurMine crew on the hijacked accounts are coming from Khoros.
Khoros is a web service used by digital marketing and public relations departments to manage social media accounts and gauge social media engagements, and is usually connected to a social media account as a third-party app.
A Khoros spokesperson told ZDNet today that "the Khoros platform was not compromised."
"We are helping a Khoros customer manage an incident, which involved unauthorized access into employee user accounts within their organization," Khoros said, without naming the client -- which is most likely the NFL. "We are committed to our customers' security and are partnering with them to help them resolve the situation."
Today's hacks are not a surprise for cyber-security experts. OurMine, the group behind the hack, has built a reputation over the years for their ability to hijack the social media accounts of high-profile celebrities and tech CEOs, such as Mark Zuckerberg, Jack Dorsey, or Sundar Pichai, just to name a few.
The group, which has been active since 2016, is believed to consist of several Saudi teenagers. Prior to today's defacements, the OurMine crew had been dormant for more than two years, since September 2017, when they got into a little bit of trouble by stealing and leaking files from Vevo's internal servers.
The NFL and its teams now join a long list of celebrities, companies, and Silicon Valley CEOs who had their social media accounts hacked by the OurMine crew, which includes the likes of:
In previous interviews, the OurMine crew has admitted to using unsophisticated methods to gain access to hacked accounts.
The group said they'd take passwords leaked during data breaches at other services and attempt to use the same passwords to gain access to accounts on other websites. If account owners reused passwords and failed to protect accounts with two-factor authentication, OurMine hackers would hijack and deface an account.
But besides hijacking the social media accounts of celebrities, OurMine also engaged in other forms of cybercrime. They often took credit for hacking online forums and other legitimate companies and then putting their data up for sale online -- using the reputation they forged by hacking tech CEOs to boost their sales on underground forums.
Article updated one hour after publication to confirm hacks of other NFL teams. Initially reported as hacks of Bears and Packers Twitter accounts.