Cyber Incident Victim: International Olympic Committee

On February 15, 2020, the Twitter accounts of the International Olympic Committee (@Olympics, 6 million followers) and FC Barcelona (@FCBarcelona, 31.9 million followers) were compromised by the OurMine hacking group. The attackers posted messages urging both organizations to improve their account security, referencing FC Barcelona's prior compromise by the same group in 2017 when they falsely announced a Real Madrid player transfer. OurMine noted FC Barcelona's security had improved since 2017 but remained insufficient, highlighting the recurring nature of these incidents for the football club, which also suffered a 2014 takeover by the Syrian Electronic Army. The unauthorized tweets were sent via Audiense Connect, a third-party Twitter marketing platform used for audience engagement analytics. No password cracking or credential theft occurred; the breach originated from compromised access to Audiense's systems.

Audiense confirmed a security breach affecting only three clients, with no compromise of passwords or financial data. This followed OurMine's identical attack vector against Facebook's Twitter account one week earlier through another third-party platform, Khoros. The hackers focused exclusively on posting non-malicious, taunting messages about security weaknesses rather than distributing scams or malicious links. The incident exposed vulnerabilities in third-party social media management tools relied upon by large organizations, though no operational disruptions or data theft beyond the unauthorized tweets were reported. FC Barcelona and the IOC regained control of their accounts after Audiense addressed the breach, with no further details provided about their internal response protocols or long-term security changes.