Cyber Incident Victim: San Francisco 49ers
Date: Jan 2020
Location: United States of America
Summary
A hacker group known as OurMine compromised social media accounts belonging to multiple National Football League teams and the league itself, briefly hijacking their Twitter, Facebook, and Instagram profiles. The attackers used the accessed accounts to post announcements promoting their group and demonstrating vulnerabilities in the victims' security practices, impacting several high-profile teams with tens of millions of combined followers before control was restored.
Description
The OurMine hacking group resumed public activity on January 22, 2020, initiating a series of social media account takeovers targeting high-profile individuals and organizations. Their first confirmed victim that year was Eduardo Saverin, Facebook co-founder and angel investor, though specific platform details were not disclosed. Over subsequent days, the group expanded their attacks to compromise Twitter accounts belonging to Will Smith (CEO of FooVR), Bobby Berk (Queer Eye star), Enrique Hernández (L.A. Dodgers player), Matt Raub (film director), and the Dave Moss YouTube channel, collectively affecting over one million followers. This activity culminated on January 27 when the hackers simultaneously targeted multiple National Football League entities, breaching at least seven team accounts and the official NFL accounts across Twitter, Facebook, and Instagram platforms. The affected NFL teams included the Dallas Cowboys (Instagram/Facebook), Buffalo Bills (Instagram/Facebook), Houston Texans (Facebook), Minnesota Vikings (Instagram/Facebook), Kansas City Chiefs (Twitter), Green Bay Packers (Twitter/Facebook), and the league's primary Twitter and Facebook accounts.

Attackers maintained control of compromised accounts for approximately two hours during the NFL incident, using the platforms to promote the OurMine group while demonstrating access to accounts with tens of millions of combined followers. No data theft or financial motives were disclosed, with the hackers primarily posting messages highlighting security vulnerabilities. Platform administrators and account owners regained control within hours, with Twitter subsequently suspending OurMine's operational account. The incident exposed authentication weaknesses across major social platforms, particularly regarding credential management for organizational accounts with multiple administrators. While no permanent damage or data exfiltration was reported, the coordinated breaches disrupted official communications channels for multiple professional sports franchises during the NFL's postseason period.
