Cyber Incident Victim: Meta

Date: Feb 2020

Location: United States of America

Summary

Facebook's official Twitter account and Messenger service were temporarily compromised by the OurMine hacker group, known for previous breaches of high-profile social media accounts. The attackers posted unauthorized content through a third-party social media management platform before Twitter secured the accounts and collaborated with the company to restore access, resolving the incident promptly.

Description

On February 7, 2020, Facebook's primary Twitter account (@facebook) and its Messenger Twitter account were compromised by individuals claiming affiliation with the OurMine hacker collective. The attackers temporarily vandalized both accounts, posting unauthorized content visible to Facebook's Twitter followers. The compromise occurred on a Friday afternoon, with TechCrunch documenting the incident after observing the defacement. OurMine, a group with a history of similar social media account takeovers, publicly claimed responsibility for the breach. Prior incidents attributed to OurMine included January 2020 compromises of sports-related Twitter accounts, a 2016 hack of Niantic's CEO's Twitter account, and multiple media account breaches that same year. The group had also previously compromised TechCrunch's own accounts.

Twitter detected the unauthorized activity and responded by locking the compromised Facebook and Messenger accounts to prevent further malicious posts. The company stated it was collaborating with Facebook to restore legitimate access. Forensic evidence indicated the attackers posted content via Khoros, a social media management platform used by enterprises for customer engagement. The vandalized tweets were removed rapidly, though TechCrunch preserved a screenshot of the defacement before deletion. No data theft, financial impact, or secondary system compromises were reported. Facebook did not provide substantive public commentary on the incident, while Twitter's containment actions limited operational disruption to temporary account unavailability and reputational exposure from the brief defacement. The incident concluded with account control being restored to Facebook through coordinated remediation efforts with Twitter's security teams.
