Cyber Incident Victim: Real Madrid Club de Fútbol
Date:
Aug 2017
Location:
Spain
Summary
Real Madrid's official Twitter account was compromised by the hacking group OurMine, which posted a fraudulent announcement claiming the club had signed Lionel Messi from rival Barcelona. The hoax tweet remained visible for over an hour, amassing significant attention with more than 27,000 retweets before being removed. OurMine subsequently criticized internet security standards in follow-up messages, though their motives for the attack were not clearly established. This incident disrupted the club's social media presence and caused widespread misinformation regarding player transfers.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On August 28, 2017, the official Twitter account of Real Madrid Football Club was compromised by the hacking group OurMine. The attackers posted a fraudulent transfer announcement claiming Barcelona star Lionel Messi had signed with Real Madrid. The fabricated tweet remained visible for over an hour, accumulating more than 27,000 retweets and achieving viral status before being deleted. OurMine subsequently used the compromised account to post additional messages criticizing internet security standards, stating "Internet security is s*** and we proved that." This marked the second major social media breach targeting a Spanish football giant, following Barcelona's 2014 account compromise by actors claiming affiliation with the Syrian Electronic Army.
The incident generated significant public attention due to the high-profile nature of both clubs and players involved, coupled with the longstanding rivalry between Real Madrid and Barcelona. While the precise intrusion method remained unspecified, the attackers demonstrated capability to access and manipulate verified institutional social media channels. The prolonged visibility of the fraudulent Messi transfer tweet—approximately 60 minutes—indicated delayed detection or response mechanisms. No technical remediation details or organizational responses from Real Madrid were disclosed in available reporting. OurMine's motivations for targeting football clubs remained unclear, with no explicit financial or political demands accompanying the account takeover. The event highlighted vulnerabilities in social media account security for high-visibility organizations with global fanbases.