Cyber Incident Victim: Cable News Network
Date:
Jan 2017
Location:
United States of America
Summary
The CNN organization experienced a compromise of its primary Facebook account along with its International and Politics pages, where the OurMine hacker group posted messages claiming to test security and promoting their services before the content was removed within approximately 30 minutes. The group, self-identifying as white-hat hackers focused on exposing vulnerabilities, asserted the intrusions were random and not targeted, leaving their signature contact details and logo. This incident followed similar breaches of WWE social media accounts, which OurMine attributed to linked administrative access, and aligned with their history of compromising high-profile entities like Marvel, Netflix, and tech executives to demonstrate security weaknesses while offering remediation services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 28, 2017, the hacker group OurMine compromised multiple Twitter accounts associated with World Wrestling Entertainment (WWE), including the official handles for WWE Universe, WWE NXT, WWE Network, SummerSlam, and wrestlers John Cena and Triple H. The group also breached WWE’s Tumblr page during this incident. OurMine left identical messages across all compromised accounts, stating they were "just testing your security" while displaying their logo and providing contact information for their security services. The group claimed the WWE accounts were linked to the head of social media’s account, enabling centralized access. WWE confirmed the breach to Mashable, noting the accounts were hacked for a brief period on Saturday evening before being resecured. The following day, January 29, OurMine expanded their activity by breaching CNN’s primary Facebook account, CNN International, and CNN Politics Facebook pages. They posted the same testing message, logo, and service offer, which were removed approximately 30 minutes after the takeover. OurMine representatives told IBTimes UK they selected targets randomly rather than through deliberate targeting, emphasizing their stated mission of exposing security flaws without malicious intent.
The incidents resulted in temporary loss of control over social media platforms for both organizations, though no data theft, financial theft, or permanent damage was reported. WWE issued a public acknowledgment of the breach but did not disclose technical details of the compromise or remediation steps beyond resecuring the accounts. CNN did not release an official statement per the available sources, but the rapid removal of OurMine’s posts suggests internal detection and response efforts occurred. OurMine’s actions aligned with their self-described identity as an "elite hacker group" focused on revealing vulnerabilities in major systems, a pattern consistent with their 2016 breaches of high-profile accounts including Mark Zuckerberg, Marvel, Netflix, and BuzzFeed. The group reiterated on their website that they had "no bad intentions" and aimed to provide security improvements to compromised entities. No long-term operational disruptions to WWE or CNN’s services were documented in the source material, and no legal or financial repercussions for the attackers were mentioned. The breaches highlighted risks associated with linked social media management systems and the persistent threat of credential-based attacks against high-visibility accounts.