Cyber Incident Victim: New York Giants
Date:
Jan 2020
Location:
United States of America
Summary
The OurMine hacking group compromised multiple NFL teams' social media accounts, briefly seizing control of Twitter, Facebook, and Instagram profiles. Attackers posted promotional content during the short-lived breaches before accounts were recovered. The incident impacted several high-profile teams and the league's official accounts, collectively affecting tens of millions of followers. This campaign followed earlier compromises of celebrity and executive accounts, with the group claiming intrusions to demonstrate security vulnerabilities. No data theft or destructive activity was reported, though the breaches disrupted normal operations and highlighted authentication weaknesses. The hackers' Twitter account was subsequently suspended following the coordinated attacks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 22, 2020, the OurMine hacking group resumed public activity by compromising the Twitter account of Eduardo Saverin, Facebook co-founder and angel investor. This marked their first high-profile account takeover of the year after a period of reduced visibility since 2017. The group expanded their targeting five days later on January 27, executing coordinated attacks against multiple National Football League (NFL) organizations. They gained unauthorized access to official social media accounts belonging to seven NFL entities: the Dallas Cowboys (Instagram and Facebook), Buffalo Bills (Instagram and Facebook), Houston Texans (Facebook), Minnesota Vikings (Instagram and Facebook), Kansas City Chiefs (Twitter), Green Bay Packers (Twitter and Facebook), and the NFL league office itself (Twitter and Facebook). The attackers maintained control over these accounts for approximately two hours, during which they used the platforms to broadcast their activities. OurMine simultaneously announced these compromises through their own Twitter account before its suspension.
The incident impacted accounts with collective followings numbering in the tens of millions, though no specific data theft or financial motives were evident. OurMine's Twitter communications framed the attacks as demonstrations of inadequate security practices rather than attempts at data exfiltration or extortion. All affected organizations regained control of their accounts within hours through unspecified recovery measures. The hackers' account was suspended by Twitter during the incident, terminating their primary communication channel. Prior to the NFL attacks, OurMine had compromised several other verified accounts between January 22-27, including those of Will Smith (FooVR CEO), Bobby Berk (Queer Eye star), Enrique Hernández (LA Dodgers player), Matt Raub (film director), and the Dave Moss YouTube channel. The group's activities ceased following platform interventions against their accounts.