Cyber Incident Victim: FC Barcelona

On February 15, 2020, the OurMine hacking collective compromised the official Twitter accounts of FC Barcelona, the International Olympic Committee (IOC), and the Olympic Games. This marked the second time OurMine targeted FC Barcelona’s social media presence, following a similar 2017 incident where the group defaced both the club’s Facebook and Twitter accounts. Twitter confirmed the breach occurred through a third-party platform and locked the affected accounts upon detecting unauthorized access. FC Barcelona publicly acknowledged the attack via Twitter, announcing plans to conduct a cybersecurity audit and review its security protocols. The IOC separately confirmed it was investigating the breach of its social media accounts but did not disclose additional details about the intrusion or its scope.

During the compromise, OurMine posted tweets claiming to have accessed FC Barcelona’s private communications, including hints about footballer Neymar’s potential return to the team. The hackers also mocked the club for falling victim to a repeat attack, though these tweets were later deleted. The incident mirrored OurMine’s broader pattern of high-profile social media takeovers, including hijacking 15 NFL team accounts and the league’s main Twitter account earlier in 2020, as well as compromising Facebook and Messenger’s official Instagram and Twitter accounts days before the FC Barcelona breach. Account takeover methods were consistent with credential stuffing attacks, where automated bots use stolen or leaked credentials to gain unauthorized access. No data theft or system compromises beyond the social media accounts were confirmed in public statements from the affected organizations.