Cyber Incident Victim: Indianapolis Colts

Date:

Jan 2020

Location:

United States of America

Summary

OurMine hackers briefly compromised social media accounts of multiple NFL teams and the league itself, targeting platforms including Twitter, Facebook, and Instagram. The attackers used the access to post promotional messages highlighting security vulnerabilities before accounts were regained, demonstrating their ability to breach high-profile targets to advocate for stronger authentication measures.

Description

The OurMine hacking group resumed public activity on January 22, 2020, by compromising the Twitter account of Facebook co-founder Eduardo Saverin, marking their first high-profile breach of the year. Between January 22 and January 27, the group expanded their targets to include multiple celebrities and influencers, hijacking Twitter accounts belonging to Will Smith (CEO of FooVR), Bobby Berk (Queer Eye star), Enrique Hernández (LA Dodgers player), Matt Raub (film director), and the Dave Moss YouTube channel. These initial attacks affected accounts with follower counts ranging from 55,000 to 432,000.

The campaign escalated significantly on January 27 when OurMine simultaneously compromised social media accounts of six National Football League teams and the NFL's official accounts. The Dallas Cowboys, Buffalo Bills, Houston Texans, Minnesota Vikings, Kansas City Chiefs, and Green Bay Packers had their Twitter, Facebook, and/or Instagram accounts hijacked, collectively exposing tens of millions of followers to unauthorized content. The NFL's official Twitter and Facebook accounts were also breached during this coordinated attack.

OurMine maintained control over the compromised NFL-related accounts for approximately two hours, during which they posted messages promoting their group and highlighting security vulnerabilities. The hackers used their own Twitter account to publicly claim responsibility for breaching multiple NFL teams before the account was suspended by Twitter. While no specific financial or data theft impacts were disclosed, the incident caused reputational exposure for the affected organizations through unauthorized access to their official communication channels. Account control was restored to the legitimate owners within hours of the takeover. The attackers appeared motivated by notoriety and demonstrating security weaknesses rather than financial gain, as evidenced by their public announcements and lack of ransom demands. The scale of the NFL breach represented OurMine's most significant coordinated action since their 2017 hiatus, affecting seven major sports entities simultaneously across multiple social media platforms.
