Cyber Incident Victim: IKEA
Date:
May 2023
Location:
Germany
Summary
The IKEA Facebook page was compromised by hackers who posted disturbing content, including propaganda imagery associated with the terrorist group ISIS and explicit pornographic material. The unauthorized posts were visible for approximately ten minutes before the company regained control of the account. According to the victim, the images had no connection to the brand. The account was subsequently secured, and the motive behind the attack remains undetermined.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the morning of May 4, 2023, the official Facebook page of the furniture retail company IKEA was compromised in a hacker attack. Users visiting the page expecting to see content related to furniture, special offers, and the brand's typical humorous memes were instead confronted with disturbing and unauthorized imagery. The initial content posted by the attackers consisted of propaganda material associated with the terrorist group known as the Islamic State (IS). This included images displaying IS flags, slogans, and several photographs of armed individuals. This was followed shortly thereafter by the posting of explicit pornographic content, specifically images depicting a man and a woman engaged in sexual intercourse.
The incident was first reported on by the Ippen Media Group. The unauthorized and highly offensive images were live on the company's Facebook page for approximately ten minutes before they were removed. In a written statement provided to the media, the IKEA press office confirmed the breach, stating the images were online unwanted for about ten minutes and that they "obviously have no connection to IKEA." The company's initial assessment indicated the event was a hacker attack. The primary impact of the incident was a significant disruption to the company's official social media presence and reputational damage due to the shocking nature of the content displayed to its followers and any member of the public viewing the page during the attack window.
IKEA's immediate response involved securing the compromised Facebook account. The company confirmed that the account was secured following the breach. As part of its response, IKEA also initiated increased monitoring of its social media channels, stating they would be closely watched going forward. The company did not provide specific details regarding the restoration process or any technical steps taken to remediate the compromise. The scope of the incident appeared to be limited to the Facebook platform, with no mention of other systems or social media accounts being affected. The specific method of compromise, such as whether account credentials were stolen or a vulnerability was exploited, was not disclosed by the company.
The consequences of the attack centered on the public nature of the breach and the type of content displayed. The presence of terrorist propaganda and pornography on a major corporate social media page represents a serious reputational and brand safety incident. The company had to publicly address the event and assure customers that the content was not affiliated with or endorsed by IKEA in any way. The attack did not appear to be aimed at data theft or financial gain but rather at causing public embarrassment and leveraging the company's large audience to disseminate harmful content. At the time of the reporting, IKEA could not comment on who was behind the hacking attack or what the specific motives of the attackers were. No individual or group claimed public responsibility for the incident in the immediate aftermath. The company did not release information regarding any investigation into the attack's origin or whether law enforcement agencies were notified. The incident highlighted the vulnerability of corporate social media accounts to takeover and misuse by malicious actors.