Hackers hijack social media accounts for the NFL and 15 teams

UPDATED: OurMine crew hijacks social media accounts for the NFL, the 49ers, Cardinals, Bears, Bills, Broncos, Browns, Bucs, Cowboys, Colts, Chiefs, Eagles, Giants, Packers, Texans, and Vikings.
Written by Catalin Cimpanu, Contributor

A Saudi hacker group has mass-defaced the social media accounts of the NFL and 15 of its teams. The defacements were claimed by a group of hackers going by the name of OurMine.

The hacks, which occurred during the media-busy Super Bowl week, have been confirmed by multiple sources as follows:

  • NFL (hijacked Twitter account)
  • Arizona Cardinals (Twitter account)
  • Buffalo Bills (Instagram and Facebook accounts)
  • Chicago Bears (Twitter account)
  • Cleveland Browns (Twitter account)
  • Dallas Cowboys (Twitter, Facebook, and Instagram accounts)
  • Denver Broncos (Twitter account)
  • Green Bay Packers (Twitter account)
  • Houston Texans (Twitter account)
  • Indianapolis Colts (Twitter account)
  • Kansas City Chiefs (Twitter account)
  • New York Giants (Twitter account)
  • Minnesota Vikings (Instagram account)
  • Philadelphia Eagles (Twitter account)
  • San Francisco 49ers (Twitter account)
  • Tampa Bay Buccaneers (Twitter account)

Exact details of how the defacements took place are currently unclear; however, a large portion of the tweets posted by the OurMine crew on the hijacked accounts are coming from Khoros.

Khoros is a web service used by digital marketing and public relations departments to manage social media accounts and gauge social media engagements, and is usually connected to a social media account as a third-party app.

A Khoros spokesperson told ZDNet today that "the Khoros platform was not compromised."

"We are helping a Khoros customer manage an incident, which involved unauthorized access into employee user accounts within their organization," Khoros said, without naming the client -- which is most likely the NFL. "We are committed to our customers' security and are partnering with them to help them resolve the situation."

OurMine's long history of social media account hijacking

Today's hacks are not a surprise for cyber-security experts. OurMine, the group behind the hack, has built a reputation over the years for their ability to hijack the social media accounts of high-profile celebrities and tech CEOs, such as Mark Zuckerberg, Jack Dorsey, or Sundar Pichai, just to name a few.

The group, which has been active since 2016, is believed to consist of several Saudi teenagers. Prior to today's defacements, the OurMine crew had been dormant for more than two years, since September 2017, when they got into a little bit of trouble by stealing and leaking files from Vevo's internal servers.

The NFL and its teams now join a long list of celebrities, companies, and Silicon Valley CEOs who had their social media accounts hacked by the OurMine crew, a list that includes the likes of:

  • BuzzFeed (website defacement)
  • TechCrunch (website defacement)
  • Variety (website defacement)
  • BBC (Twitter account)
  • PlayStation Network (Twitter account)
  • Netflix (Twitter account)
  • Marvel Studios (Twitter account)
  • WWE (Twitter account)
  • Game of Thrones (Twitter account)
  • FC Barcelona (Twitter account)
  • Real Madrid (Twitter and YouTube accounts)
  • CNN (multiple Facebook accounts)
  • New York Times (Twitter account)
  • WikiLeaks (DNS hijacking, website defacement)
  • Mark Zuckerberg (Facebook CEO, they hacked his Pinterest and Twitter profile)
  • Dick Costolo (former Twitter CEO, they hacked his Pinterest account and cross-posted to his Twitter account)
  • Jack Dorsey (Twitter CEO, they hacked his Vine account and cross-posted to his Twitter account)
  • Sundar Pichai (Google CEO, they hacked his Quora account and cross-posted to his Twitter profile)
  • John Hanke (Niantic CEO, they hacked his Quora account and cross-posted to his Twitter profile)
  • Zach Klein (Vimeo CEO, they hacked his Quora account and cross-posted to his Twitter profile)
  • Ev Williams (Twitter, Blogger, and Medium co-founder, they hacked his Twitter account)
  • Marissa Mayer (Yahoo CEO, they hacked her Twitter account)
  • Jimmy Wales (former Wikipedia CEO, they hacked his Twitter account)
  • Daniel Ek (Spotify CEO, they hacked his Twitter account)
  • Brendan Iribe (Oculus Rift CEO, they hacked his Twitter account)
  • Adam Mosseri (Facebook VP, they hacked his Twitter account)
  • Deadmau5 (music DJ, Twitter account)
  • David Guetta (music DJ, Twitter account)
  • Channing Tatum (actor, Twitter account)
  • Drake (music artist, Twitter account)
  • ... and loads of other celebrities such as Lana Del Rey, Pewdiepie, Alexa Losey, Kylie Jenner, and many YouTube stars.

In previous interviews, the OurMine crew has admitted to using unsophisticated methods to gain access to hacked accounts.

The group said they'd take passwords leaked during data breaches at other services and attempt to use the same passwords to gain access to accounts on other websites. If account owners reused passwords and failed to protect accounts with two-factor authentication, OurMine hackers would hijack and deface an account.

But besides hijacking social media accounts for celebrities, OurMine also engaged in other forms of cybercrime. They often took credit for hacking online forums and other legitimate companies and then putting their data up for sale online -- using the reputation they forged by hacking tech CEOs to boost their sales on underground forums.

Article updated one hour after publication to confirm hacks of other NFL teams. Initially reported as hacks of Bears and Packers Twitter accounts.
