A couple of days ago, multiple cybersecurity firms reported that a group of hackers, allegedly from Saudi Arabia, took control of the Twitter accounts of half of the National Football League (NFL) teams.
Although the administrators of these accounts managed to regain control, it appears that the hackers’ campaign is not over, as multiple users began reporting anomalous activity on various ESPN-controlled Twitter and Instagram accounts. The compromised accounts were @ESPN (the main media network account), @SportsCenter and @NBAonESPN, from which the hackers posted some tweets that have already been deleted.
Doha Madani, NBC News reporter, was the first to attribute the incident to the Saudi hacking group, known as OurMine: “Someone contacted us via email; apparently, the email account was operated by OurMine. Alleged hackers mentioned that, in 2017, they had to stop their activities, although they have now returned,” she said. In addition, NBC News mentions that, in their message, the hackers claimed that they choose their targets randomly, although they did not reveal the process they used to compromise the NFL
While more details about the incident are unknown, ZDNet cybersecurity experts say all this has to do with a security incident in Khoros, a digital marketing and public relations application. Multiple companies, including NFL teams, use this tool, linking it to their social media accounts. ZDNet’s theory is that Khoros’ security has been
However, a Khoros spokesperson denied that a cybersecurity incident has occurred on the platform: “Right now we’re helping a customer with an access issue not to authorize their accounts.” The firm did not mention the name of the affected customer, although it is most likely the NFL and its teams.
While this incident is resolved, there is still an investigation into what happened with the ESPN accounts; normal activities in the compromised accounts have already been restored. The International Institute of Cyber Security (IICS) believes that both attacks have most likely been perpetrated by the same hacker group, although it is still investigating whether OurMine has actually reappeared, or whether these are threat actors taking the name of a group of hackers renowned in the past.