{
	"id": "be2e302f-4a0a-4809-a2d7-ee0e663655b4",
	"created_at": "2026-04-06T00:06:26.554483Z",
	"updated_at": "2026-04-10T03:33:17.935223Z",
	"deleted_at": null,
	"sha1_hash": "a7dcb309428c3fc28a4f2ebebcd44d4c84836cdd",
	"title": "Hackers hijack social media accounts for the NFL and 15 teams",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2519735,
	"plain_text": "Hackers hijack social media accounts for the NFL and 15 teams\r\nWritten by Catalin Cimpanu, Contributor, Jan. 27, 2020 at 11:58 a.m. PT\r\nArchived: 2026-04-05 16:07:46 UTC\r\nImage: Hence the Boom on Unsplash\r\nA Saudi hacker group has mass-defaced the social media accounts of the NFL and 15 of its teams. The\r\ndefacements were claimed by a group of hackers going by the name of OurMine.\r\nThe hacks, which occurred during the media-busy Super Bowl week, have been confirmed from multiple sources as\r\nfollows:\r\nNFL (hijacked Twitter account)\r\nArizona Cardinals (Twitter account)\r\nBuffalo Bills (Instagram and Facebook accounts)\r\nChicago Bears (Twitter account)\r\nCleveland Browns (Twitter account)\r\nDallas Cowboys (Twitter, Facebook, and Instagram accounts)\r\nDenver Broncos (Twitter account)\r\nGreen Bay Packers (Twitter account)\r\nHouston Texans (Twitter account)\r\nIndianapolis Colts (Twitter account)\r\nKansas City Chiefs (Twitter account)\r\nNew York Giants (Twitter account)\r\nMinnesota Vikings (Instagram account)\r\nPhiladelphia Eagles (Twitter account)\r\nSan Francisco 49ers (Twitter account)\r\nTampa Bay Buccaneers (Twitter account)\r\nExact details of how the defacements took place are currently unclear; however, a large portion of the tweets\r\nposted by the OurMine crew on the hijacked accounts are coming from Khoros.\r\nKhoros is a web service used by digital marketing and public relations departments to manage social media\r\naccounts and gauge social media engagements, and is usually connected to a social media account as a third-party\r\napp.\r\nA Khoros spokesperson told ZDNet today that \"the Khoros platform was not compromised.\"\r\n\"We are helping a Khoros customer manage an incident, which involved unauthorized access into employee user\r\naccounts within their organization,\" Khoros said, without naming the client -- which is most likely the NFL. \"We\r\nare committed to our customers' security and are partnering with them to help them resolve the situation.\"\r\nOurMine's long history of social media account hijacking\r\nToday's hacks are not a surprise for cyber-security experts. OurMine, the group behind the hack, has built a\r\nreputation over the years for their ability to hijack the social media accounts of high-profile celebrities and tech\r\nCEOs, such as Mark Zuckerberg, Jack Dorsey, or Sundar Pichai, just to name a few.\r\nThe group, which has been active since 2016, is believed to consist of several Saudi teenagers. Prior to today's\r\ndefacements, the OurMine crew had been dormant for more than two years, since September 2017, when they got\r\ninto a little bit of trouble by stealing and leaking files from Vevo's internal servers.\r\nThe NFL and its teams now join a long list of celebrities, companies, and Silicon Valley CEOs who had their\r\nsocial media accounts hacked by the OurMine crew, which includes the likes of:\r\nBuzzFeed (website defacement)\r\nTechCrunch (website defacement)\r\nVariety (website defacement)\r\nBBC (Twitter account)\r\nPlayStation Network (Twitter account)\r\nNetflix (Twitter account)\r\nMarvel Studios (Twitter account)\r\nWWE (Twitter account)\r\nGame of Thrones (Twitter account)\r\nFC Barcelona (Twitter account)\r\nReal Madrid (Twitter and YouTube accounts)\r\nCNN (multiple Facebook accounts)\r\nNew York Times (Twitter account)\r\nWikiLeaks (DNS hijacking, website defacement)\r\nMark Zuckerberg (Facebook CEO, they hacked his Pinterest and Twitter profile)\r\nDick Costolo (former Twitter CEO, they hacked his Pinterest account and cross-posted to his Twitter\r\naccount)\r\nJack Dorsey (Twitter CEO, they hacked his Vine account and cross-posted to his Twitter account)\r\nSundar Pichai (Google CEO, they hacked his Quora account and cross-posted to his Twitter profile)\r\nJohn Hanke (Niantic CEO, they hacked his Quora account and cross-posted to his Twitter profile)\r\nZach Klein (Vimeo CEO, they hacked his Quora account and cross-posted to his Twitter profile)\r\nEv Williams (Twitter, Blogger, and Medium co-founder, they hacked his Twitter account)\r\nMarissa Mayer (Yahoo CEO, they hacked her Twitter account)\r\nJimmy Wales (former Wikipedia CEO, they hacked his Twitter account)\r\nDaniel Ek (Spotify CEO, they hacked his Twitter account)\r\nBrendan Iribe (Oculus Rift CEO, they hacked his Twitter account)\r\nAdam Mosseri (Facebook VP, they hacked his Twitter account)\r\nDeadmau5 (music DJ, Twitter account)\r\nDavid Guetta (music DJ, Twitter account)\r\nChanning Tatum (actor, Twitter account)\r\nDrake (music artist, Twitter account)\r\n... and loads of other celebrities such as Lana Del Rey, Pewdiepie, Alexa Losey, Kylie Jenner, and many\r\nYouTube stars.\r\nIn previous interviews, the OurMine crew has admitted to using unsophisticated methods to gain access to\r\nhacked accounts.\r\nThe group said they'd take passwords leaked during data breaches at other services and attempt to use the same\r\npasswords to gain access to accounts on other websites. If account owners reused passwords and failed to protect\r\naccounts with two-factor authentication, OurMine hackers would hijack and deface an account.\r\nBut besides hijacking social media accounts for celebrities, OurMine also engaged in other forms of cybercrime.\r\nThey often took credit for hacking online forums and other legitimate companies and then putting their data up for\r\nsale online -- using the reputation they forged by hacking tech CEOs to boost their sales on underground forums.\r\nArticle updated one hour after publication to confirm hacks of other NFL teams. Initially reported as hacks of\r\nBears and Packers Twitter accounts.\r\nSource: https://www.zdnet.com/article/hackers-hijack-twitter-accounts-for-chicago-bears-and-green-bay-packers/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.zdnet.com/article/hackers-hijack-twitter-accounts-for-chicago-bears-and-green-bay-packers/"
	],
	"report_names": [
		"hackers-hijack-twitter-accounts-for-chicago-bears-and-green-bay-packers"
	],
	"threat_actors": [
		{
			"id": "9de1979b-40fc-44dc-855d-193edda4f3b8",
			"created_at": "2025-08-07T02:03:24.92723Z",
			"updated_at": "2026-04-10T02:00:03.755516Z",
			"deleted_at": null,
			"main_name": "GOLD LOCUST",
			"aliases": [
				"Anunak",
				"Carbanak",
				"Carbon Spider",
				"FIN7",
				"Silicon"
			],
			"source_name": "Secureworks:GOLD LOCUST",
			"tools": [
				"Carbanak"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "cfdd35af-bd12-4c03-8737-08fca638346d",
			"created_at": "2022-10-25T16:07:24.165595Z",
			"updated_at": "2026-04-10T02:00:04.887031Z",
			"deleted_at": null,
			"main_name": "Sea Turtle",
			"aliases": [
				"Cosmic Wolf",
				"Marbled Dust",
				"Silicon",
				"Teal Kurma",
				"UNC1326"
			],
			"source_name": "ETDA:Sea Turtle",
			"tools": [
				"Drupalgeddon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "e4ccfe5c-4d77-4503-bf1c-36076dbd78d0",
			"created_at": "2022-10-25T16:07:24.522697Z",
			"updated_at": "2026-04-10T02:00:05.02215Z",
			"deleted_at": null,
			"main_name": "OurMine",
			"aliases": [
				"ATK 128",
				"TAG-HA10"
			],
			"source_name": "ETDA:OurMine",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "33ae2a40-02cd-4dba-8461-d0a50e75578b",
			"created_at": "2023-01-06T13:46:38.947314Z",
			"updated_at": "2026-04-10T02:00:03.155091Z",
			"deleted_at": null,
			"main_name": "Sea Turtle",
			"aliases": [
				"UNC1326",
				"COSMIC WOLF",
				"Marbled Dust",
				"SILICON",
				"Teal Kurma"
			],
			"source_name": "MISPGALAXY:Sea Turtle",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "75108fc1-7f6a-450e-b024-10284f3f62bb",
			"created_at": "2024-11-01T02:00:52.756877Z",
			"updated_at": "2026-04-10T02:00:05.273746Z",
			"deleted_at": null,
			"main_name": "Play",
			"aliases": null,
			"source_name": "MITRE:Play",
			"tools": [
				"Nltest",
				"AdFind",
				"PsExec",
				"Wevtutil",
				"Cobalt Strike",
				"Playcrypt",
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "62b1b01f-168d-42db-afa1-29d794abc25f",
			"created_at": "2025-04-23T02:00:55.22426Z",
			"updated_at": "2026-04-10T02:00:05.358041Z",
			"deleted_at": null,
			"main_name": "Sea Turtle",
			"aliases": [
				"Sea Turtle",
				"Teal Kurma",
				"Marbled Dust",
				"Cosmic Wolf",
				"SILICON"
			],
			"source_name": "MITRE:Sea Turtle",
			"tools": [
				"SnappyTCP"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "74f1da67-5bc9-49ee-ba8e-b7e8b452a2c2",
			"created_at": "2023-01-06T13:46:39.021238Z",
			"updated_at": "2026-04-10T02:00:03.183989Z",
			"deleted_at": null,
			"main_name": "OurMine",
			"aliases": [],
			"source_name": "MISPGALAXY:OurMine",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775433986,
	"ts_updated_at": 1775791997,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a7dcb309428c3fc28a4f2ebebcd44d4c84836cdd.pdf",
		"text": "https://archive.orkl.eu/a7dcb309428c3fc28a4f2ebebcd44d4c84836cdd.txt",
		"img": "https://archive.orkl.eu/a7dcb309428c3fc28a4f2ebebcd44d4c84836cdd.jpg"
	}
}