Cyber Incident Victim: OurMine

Date: Feb 2020

Location: United States of America

Summary

Facebook's Twitter account and its Messenger Twitter account were compromised by the OurMine hacker collective, resulting in unauthorized posts. The group, known for prior breaches of high-profile social media accounts including sports entities and media organizations, accessed the accounts through Khoros, a social media management tool. Twitter swiftly locked the affected accounts and collaborated with the victim to restore access, removing the vandalized content. The incident highlighted recurring security vulnerabilities exploited by the collective to target prominent online profiles.

Description

On February 7, 2020, the OurMine hacker collective compromised Facebook’s primary Twitter account (@facebook) and its Messenger Twitter account (@messenger). The attackers posted unauthorized content on both accounts, temporarily vandalizing the pages. Screenshots confirmed the tweets originated from Khoros, a social media management platform used by companies to engage with customers. Twitter detected the breach swiftly, locking the compromised accounts and collaborating with Facebook to restore access. The offending tweets were removed promptly, limiting public exposure. Twitter issued a public statement confirming the incident and its containment efforts, though Facebook did not provide substantive commentary beyond acknowledging TechCrunch’s inquiry. No evidence suggested broader infiltration of Facebook’s internal systems or data theft; the attack appeared confined to Twitter account access.

OurMine, a group with a documented history of high-profile social media breaches, had previously targeted sports-related Twitter accounts in January 2020 and compromised accounts belonging to Niantic’s CEO in 2016 and multiple media outlets, including TechCrunch, in prior years. The collective’s modus operandi involved hijacking accounts to demonstrate security vulnerabilities, often without further malicious payloads. The Facebook incident mirrored these patterns, leveraging third-party tools like Khoros—a platform facilitating corporate social media management—as an entry vector. No financial motives or data exfiltration were reported. The operational disruption was minimal due to rapid detection and remediation by Twitter’s security teams. Facebook’s public communications remained unaffected beyond the brief Twitter compromise, with no observable impact on its core platforms or user data.
