Here at Nicely Done Sites we take a lot of precautions when it comes to the security of the websites that we build. There are times that we feel like we are fighting an unending battle, but we still do it. We are under no illusions that what we do completely secures every account or that our accounts are unhackable. Every now and again a real-world example reminds us of this.

Super Bowl Celebrations Dampened

The Super Bowl was played recently just in case you were hiding under a rock or have been in a coma. The Kansas City Chiefs won. Super Bowl Sunday is usually considered to be a celebration of gluttony and booze as the NFL season comes to an end. The weeklong festival in Miami, Florida was a celebration of the game of football and its history though the death of Kobe Bryant did put a bit of a damper on that.

There was something else that may have put a damper on the celebrations as well. The Twitter accounts of 15 NFL teams as well as the NFL itself were hacked. A Saudi Arabia and Dubai-based group called OurMine claimed responsibility for the hacks. OurMine styles itself as a white hat organization that performs hacks to help increase cyber security awareness so that they can be prevented. The group had gone dormant in 2017 but announced through these hacks that they were back.

The Bears Did What?

The first account compromised was that of the Chicago Bears. Besides the message announcing that OurMine had returned, the account also announced that the Bears had a new owner in Saudi Royal Court adviser Turki Al-Sheikh and that they had traded star linebacker Khalil Mack to the division rival Detroit Lions for $1 and a 6th round draft pick. Al-Sheikh actually does own a football team, but it’s the Spanish second division football club UD Almería, hardly on par with the Bears in terms of popularity or revenue.

A Long History From OurMine

OurMine has a long history of targeting prominent individuals to offer their own cyber security services. They have previously hacked the Twitter accounts of Netflix, Marvel, Google CEO Sundar Pichai and Twitter CEO Jack Dorsey as well as Buzzfeed’s website and numerous Facebook and YouTube accounts. They have not said how they accessed the accounts.

Of the 15 NFL teams that had their accounts compromised, both of the teams playing in the Super Bowl, the Kansas City Chiefs and San Francisco 49ers, were hit. The 49ers did manage to lock their account before any tweets could be sent. OurMine also made its own prediction, which was that Kansas City would win. Hopefully they put down a bet on that. At least two teams’ Instagram accounts were also hacked. For teams of local interest, the Philadelphia Eagles were hacked while the Baltimore Ravens, Pittsburgh Steelers and the Washington Redskins were not or were able to prevent anything from getting out.

No Excuses For The NFL

NFL teams make a lot of money so for something like this they should not be skimping on cyber security and the same can be said for the NFL itself. The NFL made $16 billion during the 2018-2019 season and that number is only going to rise for this past season. 

Of course, the general public does not know at this time how OurMine got into the accounts, and it is possible we may never know. We hope it was not because they used an easy-to-break password. While a group like OurMine targets high-profile individuals, there are plenty that will have no issue targeting a less prominent person or business like yourself. A strong password and good precautions may be all that separates you from being hacked.

Not The First Time For The NFL

This was also not the first time that the NFL Twitter account was hacked. It was hacked in 2016 by a student in Singapore, who posted a message that NFL commissioner Roger Goodell had died. The student was caught, pleaded guilty to 11 charges and was sentenced to 24 months’ probation. They had been able to gain access using publicly available information from the NFL’s social media director, who had linked their email account to the NFL’s account.

The email address used with the account belonged to the Canadian company Rogers Communications and was linked to a phone number belonging to the director’s husband. The student was able to impersonate the husband with Rogers’ online support, claiming to have lost access to the network, and was able to pass all tests using publicly available information on the director’s husband. The student was then given a temporary password and was able to log in, giving them the information for the NFL’s social media director. The student arranged it so that a copy of the password request was sent both to her phone and to a phone that the student had access to, so when she reset the password the student received it as well and could gain access to the NFL’s Twitter account.

Learn From The NFL

The best way to avoid something like this is to keep your account as secure as possible. Strong passwords should be used at all times and on all accounts, with multi-factor authentication enabled if possible. Keep the passwords safe and only give them to trusted sources to avoid phishing attacks. Be mindful of accessing accounts in public spaces and on public Wi-Fi. Passwords should also be changed every 30 days. You should also be wary about what information is presented online. When you select a secret question, you should probably never broadcast the answer to the world on social media.

But in the end this may not matter. Every account online is hackable, but that does not mean that you should not try to stop it. For most attacks, the tougher it is to get in, the more likely the attacker will move on to a softer target. At the same time, the security of many of your online accounts is only as good as that company’s security measures, and as the NFL found out the hard way, there were some issues in 2016. It may have taken a seriously dedicated effort, but it can happen.

At the same time OurMine had contacted all of the organizations as well as the NFL advertising their cyber security services. It seems that they were doing this not only as a publicity stunt but also to prove a point. If you get a message like this it might be time to tighten up your security.
