Cyber Incident Victim: Triple H
Date:
Jan 2017
Location:
United States of America
Summary
A hacker group compromised multiple social media accounts associated with a professional wrestling organization, including those of prominent wrestlers and affiliated platforms like WWE Universe, NXT, and Summer Slam, as well as breaching a major news network's Facebook pages. The attackers left messages stating they were testing security and offered their own protection services, along with contact details. The organization confirmed the temporary breach and regained control of the accounts. The group claimed the accounts were linked through a single administrator, enabling broader access, and stated they selected targets randomly rather than with specific intent. This incident followed similar breaches of entertainment companies, streaming services, and media outlets, where the group positioned itself as white-hat hackers exposing vulnerabilities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 28, 2017, the hacker group OurMine compromised multiple World Wrestling Entertainment (WWE) social media accounts, including the official handles for WWE Universe, WWE NXT, WWE Network, SummerSlam, and individual wrestlers Triple H and John Cena. The group also breached WWE’s Tumblr page. OurMine left identical messages across all compromised accounts, stating they were "just testing your security" while displaying their logo and directing users to contact them for security services via their website. WWE confirmed the incident to Mashable, acknowledging a brief unauthorized access period on Saturday evening and stating they had re-secured the affected accounts. OurMine later claimed the breach was facilitated because all WWE accounts were linked to the head of social media’s account, simplifying their access. The group characterized their actions as random target selection rather than deliberate focus on WWE.
The following day, January 29, OurMine expanded their activity by briefly compromising CNN’s primary Facebook account, along with its CNN International and CNN Politics pages. They posted the same testing message and contact details, which CNN removed approximately 30 minutes after the breach. OurMine reiterated their self-described role as an "elite hacker group" focused on exposing vulnerabilities, emphasizing no malicious intent and offering security assistance to victims. This incident aligned with their pattern of high-profile breaches in 2016–2017, including prior takeovers of Marvel, Netflix, and NFL social media accounts, defacement of BuzzFeed’s website, and compromises of tech executives like Mark Zuckerberg and Jack Dorsey. WWE’s public confirmation and swift account recovery, alongside CNN’s rapid content removal, marked the immediate organizational responses, though no further technical or financial impacts were disclosed in available reporting.