Cyber Incident Victim: Schalke 04

On September 10, 2024, Schalke 04's X (formerly Twitter) account was compromised by hackers who posted cryptic messages about a cryptocurrency partnership. The unauthorized posts included a teaser stating, "We have big news for the crypto world! What do you think? Check out our next tweet!" followed by an announcement of a purported collaboration with an unspecified crypto entity. The club detected the breach and regained control of the account within hours, deleting the fraudulent posts and publicly acknowledging the incident with a post stating, "Sorry, Leute, jetzt hat es auch uns erwischt. #Hacker" ("Sorry, guys, now it's hit us too. #Hacker"). This marked the first confirmed security incident affecting the club's social media presence during this period.

Three days later on September 13, 2024, a second coordinated attack occurred targeting both Schalke 04's X account and the X account of Brazilian footballer Neymar Jr.'s official website (with 1.9 million followers). Attackers simultaneously posted fabricated transfer announcements claiming Neymar—who was under contract with Saudi club Al-Hilal and recovering from an ACL injury—had signed a 10-game sponsorship deal with Schalke 04 funded by Solana, a cryptocurrency company. The false posts caused immediate confusion among fans due to their appearance on both verified accounts. Schalke 04 again identified the compromise, removed the fraudulent content, and implicitly confirmed the breach through deletion without issuing new public statements. No technical details about attack vectors, data impacts, or financial losses were disclosed by either party. The incidents exposed vulnerabilities in the social media management of both entities, disrupted fan communications, and necessitated reactive account security measures.