Cyber Incident Victim: Marvel

Date: Dec 2016

Location: United States of America

Summary

The OurMine hacking group compromised the Twitter accounts of Marvel, Netflix, and the NFL, posting messages highlighting inadequate security measures. Attackers exploited weak defenses, including Marvel's centralized account management via TweetDeck, which linked its primary account to subsidiary character profiles. The group claimed non-malicious intent, asserting their actions aimed to demonstrate cybersecurity vulnerabilities. All affected organizations regained control of their accounts and removed unauthorized posts, with no reported data theft or persistent damage beyond temporary account takeovers.

Description

On December 20, 2025, the OurMine hacking group compromised the official Twitter accounts of Netflix US, Marvel Entertainment, and the National Football League (NFL), along with several Marvel character accounts including Black Panther, Captain America, Iron Man, Ant-Man, Thor, and Doctor Strange. The attackers first gained control of Netflix US’s Twitter account late that evening, posting messages criticizing the account’s security measures before Netflix regained access and removed the unauthorized content. OurMine subsequently notified IBTimes UK via email of their breach of Netflix, followed by separate claims of compromising Marvel’s primary account and its linked character profiles. The group concluded their activity by hijacking the NFL’s official Twitter account, declaring it their final target for the day. All compromised accounts displayed similar messages highlighting security deficiencies before operators restored control and deleted the malicious posts.

The attackers exploited a vulnerability in Marvel’s account management structure, where the primary Marvel account was interconnected with its character profiles through TweetDeck, enabling cascading access. OurMine reiterated their non-malicious intent, framing the incidents as demonstrations of inadequate cybersecurity defenses rather than attempts to inflict harm or exfiltrate data. The breaches caused temporary disruption to official communications across all affected accounts but resulted in no permanent data loss or disclosed theft of credentials. Account operators successfully mitigated the incidents by regaining access and purging unauthorized content, with no reported collateral damage to associated systems or user data. The incident underscored operational risks in centralized social media management tools and highlighted the group’s continued focus on high-profile targets to publicize security shortcomings.