“Everything is hackable,” a message posted to the social media accounts of multiple NFL teams said on Sunday. And yes, it was written by hackers.
The NFL’s social media feeds, along with those belonging to teams such as the Chicago Bears, Dallas Cowboys, New York Giants, and Philadelphia Eagles, were all temporarily taken over by a hacking group purporting to be OurMine, which has been behind similar kinds of activity in recent years.
Across Sunday and Monday, other targets included the San Francisco 49ers and Kansas City Chiefs, who are set to face each other in the Super Bowl on 2 February. In all, 15 teams were hit — 14 had their Twitter accounts compromised, with several also seeing their Instagram and Facebook accounts targeted, too.
OurMine said it had carried out the attacks to expose the security weaknesses of various social media services.
Many of the messages posted on the hacked accounts touted OurMine’s own business services for improving online security. The group also swapped out some of the teams’ profile pictures or headers, or deleted them altogether, according to a BBC report.
Some of the compromised accounts even announced surprise news for fans. Take the Chicago Bears. A message posted on its Twitter account, which has 1.8 million followers, announced that Saudi Arabian royal court advisor Turki Al-Sheikh had become the Bears’ new owner, while another message said one of the Bears’ big players — Khalil Mack — was being traded for $1. A short while later, the hackers followed up with the message, “Just kidding.”
After regaining control of its account, the Bears tweeted an apology to its fans:
Apologies that our account was compromised this morning. We’re back in the game & ready for the Pro Bowl.
— Chicago Bears (@ChicagoBears) January 26, 2020
Sources claiming to be from OurMine told the BBC that the hacking group had contacted the NFL prior to the attack offering to improve the teams’ online security, but it heard nothing back.
Twitter later confirmed that the accounts had been temporarily taken over by a third-party, saying: “As soon as we were made aware of the issue, we locked the compromised accounts and are working closely with our partners at the NFL to restore them.” It declined to offer any information on how the attack may have occurred.
OurMine, which says it’s currently based in Dubai, has claimed responsibility for many similar hacks since its formation in 2014. For example, in 2016 it targeted the social media accounts of some big names in tech, including Google and Alphabet CEO Sundar Pichai, Facebook CEO Mark Zuckerberg, and the man at the top of Twitter, Jack Dorsey. This week’s hack marks the return of the group after several years of little activity.
