American football has suffered a colossal blow with more than 15 teams' social media accounts including Facebook, Instagram and Twitter accounts being compromised.
The victims
The list includes 15 major teams such as the San Francisco 49ers and Kansas City Chief who are about to face off in the Super Bowl Championship on February 2. Other notable victims include the Chicago Bears, Packers, Buffalo Bills, AZ Cardinals, Cleveland Browns, New York Giants, Tampa Bay Buccaneers, Philadelphia Eagles, Los Angeles Chargers, Dallas Cowboys, Houston Texans, Cardinals Colts and NFL official.
The list does not end here. Later the group of hackers shifted its focus to the sports broadcast giant ESPN's several social accounts including @ESPN, @SportsCenter and @NBAonESPN and hijacked them as well. Both the NFL and ESPN have admitted about the compromise through a statement. The mass hacking happened on Monday and followed on Tuesday.
The message
Saudi Arabia-based hacker group Ourmine claimed responsibility for the entire carnage. They claimed they wanted to show that social accounts are still not secure enough.
Ourmine posted a message on the @ESPN Twitter account which reads: "Hi, it's OurMine again. Well Internet Security still bad in this world so we are back:). Today will be crazy, so be ready for the news."
"ESPN contact us to help you fixing this issue," they added with an email ID to get in touch with. However, it did not mention the method they used to access and compromise the accounts.
Replying to an email questionnaire by NBC News, OurMine stated that the group stopped functioning in 2017, but have come back.
Past victims
In the past OurMine hit the headlines for hijacking a pool of technology hotshots' social media accounts. The list included Google CEO Sundar Pichai, Facebook CEO Mark Zuckerberg, Twitter CEO Jack Dorsey, Niantic CEO John Hanke and former Wikipedia CEO Jimmy Wales. Also hit were media biggies like Buzzfeed, TechCrunch, and BBC, PlayStation Network, Netflix, Marvel Studios and popular sport handles such as WWE, FC Barcelona and Real Madrid.
The method
Though there are no specific details available about how the compromise happened, ZDNet spotted a large chunk of tweets from OurMine published via a web service dubbed Khoros. Khoros is usually used by digital marketing services to retrieve social media engagement analytics.