Cyber Incident Victim: Dallas Cowboys
Date:
Jan 2020
Location:
United States of America
Summary
The Dallas Cowboys were among several NFL teams targeted in a social media account hijacking campaign by the OurMine hacking group. Attackers gained unauthorized access to multiple platforms including Instagram, Facebook, and Twitter accounts across the league, briefly controlling these channels to promote their group and demonstrate security vulnerabilities. This coordinated effort affected numerous high-profile organizations simultaneously, with compromised accounts collectively reaching tens of millions of followers before control was restored. The incident formed part of a wider pattern of credential-based attacks against prominent entities to draw attention to inadequate cybersecurity practices.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 22, 2020, the hacker group OurMine initiated a series of social media account compromises, beginning with the Twitter account of Eduardo Saverin, Facebook co-founder and angel investor. This marked their first publicly claimed intrusion of the year after a period of reduced activity since 2017. The group expanded their targeting on January 27, 2020, by hijacking multiple National Football League (NFL) team accounts and the league’s official accounts. The Dallas Cowboys suffered unauthorized access to both their Instagram and Facebook accounts during this campaign, alongside six other NFL franchises and the NFL’s own corporate accounts. OurMine simultaneously compromised the Buffalo Bills’ Instagram and Facebook, Houston Texans’ Facebook, Minnesota Vikings’ Instagram and Facebook, Kansas City Chiefs’ Twitter, Green Bay Packers’ Twitter and Facebook, and the NFL’s Twitter and Facebook. The attackers maintained control for approximately two hours, during which they used the platforms to broadcast their activities and claims of control.
The coordinated attacks impacted accounts with tens of millions of combined followers, leveraging the high visibility of NFL teams to amplify their message. OurMine documented their progress in real-time via their Twitter account, which was subsequently suspended by the platform. No specific content posted during the Dallas Cowboys’ account compromise was detailed in available reports, though the intrusion disrupted normal operations temporarily. The group characterized their actions as both entertainment (“for the lulz”) and a demonstration of inadequate security practices among high-profile entities. While the article noted basic protective measures like unique passwords and two-factor authentication could prevent such breaches, no specific remediation actions taken by the Cowboys or other victims were disclosed. The incident highlighted vulnerabilities in social media account management across major sports organizations, though no long-term operational or financial consequences were reported for the affected teams.