
Cyber Incident Victim: Chicago Bears

Date:

Jan 2020

Location:

United States of America

Summary

A hacking group compromised multiple National Football League teams' social media accounts, including Twitter, Facebook, and Instagram profiles, through unauthorized access. The attackers briefly controlled the accounts to post promotional content, impacting several teams with tens of millions of combined followers before platform suspensions mitigated the activity. The incident highlighted vulnerabilities in account security practices amid broader targeting of high-profile individuals and organizations by the same threat actors.


Description

On January 22, 2020, the hacker group OurMine resumed public activity after a hiatus that had lasted since 2017 by compromising the Twitter account of Eduardo Saverin, Facebook co-founder and angel investor. This marked the first confirmed victim in their renewed campaign targeting high-profile social media accounts. Between January 22 and 27, the group systematically hijacked accounts across multiple platforms, escalating to major NFL organizations by January 27. During this peak activity, OurMine simultaneously compromised the Twitter, Facebook, and Instagram accounts of seven NFL entities: the Dallas Cowboys (Instagram/Facebook), Buffalo Bills (Instagram/Facebook), Houston Texans (Facebook), Minnesota Vikings (Instagram/Facebook), Kansas City Chiefs (Twitter), Green Bay Packers (Twitter/Facebook), and the NFL's official league accounts (Twitter/Facebook). The attackers maintained control for approximately two hours per account according to their claims, using this window to post announcements from their @OurMine Twitter profile before its suspension.

The coordinated attacks impacted accounts with collective followings exceeding tens of millions, though no data theft or financial motives were evident. OurMine's posts during the breaches focused on self-promotion, claiming the intrusions demonstrated inadequate security practices. No specific malware or technical exploitation methods were disclosed in available reports. All affected organizations regained control within hours through unspecified recovery measures, with no reports of lasting account damage or secondary compromises. The NFL and its teams did not publicly detail remediation steps beyond restoring normal account operations. OurMine's Twitter suspension occurred concurrently with the NFL compromises, effectively halting further public communications from the group regarding these incidents. The campaign highlighted vulnerabilities in social media account management across sports franchises and celebrities despite existing security options like multi-factor authentication.
