Cyber Incident Victim: Green Bay Packers
Date:
Jan 2020
Location:
United States of America
Summary
The Green Bay Packers were among multiple NFL teams and the league itself targeted in a coordinated social media account takeover by the OurMine hacking group. Attackers briefly compromised Twitter, Facebook, and Instagram accounts across several franchises, posting unauthorized content to tens of millions of combined followers before control was restored. This incident formed part of a broader campaign where the group hijacked high-profile accounts to demonstrate security vulnerabilities and promote their services, following earlier compromises of celebrity and executive profiles. The hackers leveraged credential-based attacks against accounts lacking sufficient protective measures.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 22, 2020, the OurMine hacking group resumed high-profile cyber intrusions by compromising social media accounts across multiple National Football League (NFL) teams, including the Green Bay Packers. The Packers' verified Twitter and Facebook accounts were hijacked alongside those of the Dallas Cowboys, Buffalo Bills, Houston Texans, Minnesota Vikings, Kansas City Chiefs, and the NFL's official accounts. This coordinated attack occurred within a two-hour window, with OurMine publicly claiming responsibility via their Twitter account during the breach. The group had initiated their 2020 campaign earlier that week by targeting individual celebrities and tech figures, including Facebook co-founder Eduardo Saverin, before escalating to major sports franchises. OurMine exploited compromised credentials to gain unauthorized access, though the specific intrusion vectors for the Packers' accounts were not disclosed. The hackers used their control to post announcements promoting their group and highlighting security vulnerabilities, though the exact content posted on the Packers' accounts was not detailed in available reports. All affected NFL accounts were reclaimed by their legitimate owners within a short timeframe, with no reports of persistent access or data exfiltration.
The incident impacted seven NFL entities collectively managing tens of millions of social media followers, disrupting official communications channels during the league's offseason. For the Green Bay Packers, the compromise affected both primary Twitter and Facebook presences, though the duration of unauthorized control was brief. No financial losses or compromised fan data were reported in connection with the Packers' breach. OurMine's Twitter account was suspended following the attacks, curtailing their ability to publicly claim further intrusions. The group framed their actions as both entertainment ("for the lulz") and a security awareness demonstration, though they provided no specific remediation guidance to victims. League and team responses focused on restoring account access without publicly confirming whether additional security measures like multi-factor authentication were implemented post-incident. The Packers' social media operations resumed normal activity following the incident, with no subsequent breaches attributed to OurMine reported through 2020.