Cyber Incident Victim: Buffalo Bills
Date: Jan 2020
Location: United States of America
Summary
The OurMine hacking group compromised multiple NFL teams' social media accounts, including the Buffalo Bills' Instagram and Facebook profiles, during a coordinated campaign. The attackers briefly hijacked accounts across Twitter, Facebook, and Instagram platforms belonging to seven NFL franchises and the league itself, leveraging unauthorized access to demonstrate security vulnerabilities. This incident followed earlier breaches of high-profile individuals' accounts, with the group promoting their activities before having their Twitter account suspended. The hackers' actions temporarily disrupted organizational communications but did not result in prolonged account control.
Description
The OurMine hacking group resumed high-profile social media account takeovers on January 22, 2020, after a hiatus since 2017, beginning with Facebook co-founder Eduardo Saverin's Twitter account. This marked the first confirmed incident in their renewed campaign targeting celebrities and sports entities. Between January 22 and 27, the group sequentially compromised accounts belonging to Will Smith (CEO of FooVR), Bobby Berk (Queer Eye star), Enrique Hernández (LA Dodgers player), Matt Raub (film producer), and the Dave Moss YouTube channel, collectively affecting over 1.1 million followers. The activity peaked on January 27 when attackers simultaneously hijacked official accounts of seven NFL-related entities: the Dallas Cowboys (Instagram/Facebook), Buffalo Bills (Instagram/Facebook), Houston Texans (Facebook), Minnesota Vikings (Instagram/Facebook), Kansas City Chiefs (Twitter), Green Bay Packers (Twitter/Facebook), and the NFL's primary Twitter and Facebook accounts. These sports-related compromises impacted tens of millions of combined followers across platforms.

Attackers maintained control over each account for approximately two hours during the January 27 incident window, using the access to post announcements from OurMine's Twitter account about the breaches. The hackers stated their actions aimed to demonstrate security vulnerabilities in high-profile accounts, characterizing the campaign as both for entertainment ("lulz") and as promotional activity for their group. No data theft or financial motives were indicated in the compromises. Platform providers suspended OurMine's Twitter account following the attack wave. All affected NFL teams and individuals regained control of their accounts within hours, with no reports of persistent access or secondary compromises. The incident highlighted risks to organizational social media assets, particularly those without two-factor authentication enabled, though no specific security gaps were confirmed for the Buffalo Bills or other NFL victims beyond the temporary account seizures.
