OurMine, a hacker group that has previously infiltrated the accounts of top Silicon Valley executives including Twitter chief executive Jack Dorsey, claimed responsibility but the companies have not confirmed any details.
“We are here to Show people that everything is hackable,” the group wrote in a tweet yesterday afternoon on the official Green Bay Packers Twitter account, which was removed yesterday afternoon (see the below screenshot). The profile pictures were also removed on many of the affected accounts, and some were not restored as of early Tuesday morning.
ZDNet reports the group broke into the Dallas Cowboys Instagram and Facebook accounts, as well as the Minnesota Vikings and Buffalo Bills Instagram accounts.
The hacks highlight that if some of the most valuable sports franchises in the world are vulnerable to a breach, anyone could be.
The NFL said in a statement Tuesday morning that it took “immediate action” to address the breach and directed teams to secure their accounts and prevent further access.
“We continue to work diligently with the teams, which have resumed normal operations,” the league said in a statement. “The NFL and teams are cooperating with its social media platform providers and law enforcement.”
Social media security experts say that there are lessons for companies to learn. Jim Zuffoletti, the CEO of Safeguard Cyber, said in an interview that social media is so easy to set up that many companies don’t prioritize its security. But they should think about it the same way as they would secure a laptop, phone or any other device interacting with their network.
“Know what assets you’ve got, don’t forget the basics like two-factor and think about this as part of your perimeter and do something about it,” he told me.
The hacking incident could also put pressure on tech companies like Twitter and Facebook to remind users about basic account security hygiene. Breached social media accounts also could be used in dangerous ways to spread misinformation that could have political and social consequences. OurMine in this case on Sunday morning appeared to post a tweet to the Chicago Bears account's 1.8 million followers, announcing a new owner and tagging @Turki_alalshikh, a Saudi official, as that man. Minutes later, the group tweeted “Just Kidding!,” the Chicago Tribune reported.
Andy Stone, a spokesman for Facebook (which also owns Instagram), said the company is “investigating and working to secure and restore access to any impacted accounts.” Facebook declined to say how many accounts were affected.
“As soon as we were made aware of the issue, we locked the compromised accounts,” said Twitter spokeswoman Katie Rosborough. “We are currently investigating the situation.” Twitter also suspended OurMine’s account for violating its community guidelines.
It wasn't immediately clear how OurMine gained access to the accounts, but Twitter said the bad actors accessed the NFL accounts through a third-party platform, not directly through Twitter. Twitter has revoked that platform's ability to post on any NFL accounts, and taken other steps to lock down the Twitter accounts. The company is working with the NFL to restore access.
OurMine told The Daily Dot via email that it was able to access the accounts via a social media management tool. The tweets appeared to be posted by Khoros, which was rebranded from SpredFast following a merger, according to its website. Khoros did not immediately respond to a request for comment from The Washington Post, but it did tell ZDNet that “the Khoros platform was not compromised.”
“We are helping a Khoros customer manage an incident, which involved unauthorized access into employee user accounts within their organization,” Khoros said. “We are committed to our customers' security and are partnering with them to help them resolve the situation.”
The NFL did not respond to requests for comment.
BITS, NIBBLES AND BYTES
BITS: Social media platforms are struggling to curtail misinformation about the deadly outbreak of the coronavirus, my colleague Tony Romm reports. Silicon Valley giants have long struggled to curb health misinformation, but the potential pandemic shows just how quickly falsehoods can spread in real time through private groups and other features.
Facebook's fact-checking partners rated some misinformation about the disease as false, which reduces the appearance of the content in news feeds. But in private groups such as “Coronavirus Warning Watch,” thousands of members swap conspiracy theories and bogus natural remedies beyond the reach of fact-checkers.
“It’s captivated the public and been trending on social media as people look for more information,” Renee DiResta, research manager at Stanford Internet Observatory, told Tony. “This kind of content dynamic is not unique — it shows up for any new outbreak, at this point.”
Twitter and YouTube have also seen an uptick in content spreading unsubstantiated and false claims about the virus over the weekend as the virus infected 2,800 people in China, killing at least 82. Twitter says it started steering some users searching for coronavirus-related hashtags to more authoritative sources. Google-owned YouTube said its algorithm also prioritizes more credible sources. But a number of videos, including one with nearly half a million views, pushed dubious information about the origin of the coronavirus and its means of transmission, Tony reports.
Researchers say that the limited scientific information about the disease increases the risk that misinformation will take hold on social media. Almost four years ago, inaccurate posts about the global, mosquito-borne Zika illness dwarfed the popularity of more authoritative sources of information about the outbreak, according to researchers at the Medical College of Wisconsin in Milwaukee.
NIBBLES: Facebook released its long-delayed “Off-Facebook Activity” tracker today, allowing you to see all the ways the company is tracking your behavior off-Facebook to customize your ads, my colleague Geoffrey A. Fowler reports. The new tool isn't a silver bullet for stopping Facebook from tracking your behavior, but it “offers an opportunity to see in ugly detail how Facebook’s advertising surveillance-system actually works,” Geoffrey writes.
Even with the Facebook app closed, Geoffrey found that Peet's Coffee, The Atlantic, Home Depot and the Pete Buttigieg campaign all pinged Facebook with his data. Stores can even upload your offline activity to Facebook. In return, Facebook helps them optimize ads.
The new tracker allows you to see that data up to the last 180 days. It isn't as useful as a Web browser's clear-history button, Geoffrey writes, but it does allow you to stop Facebook from using your off-platform behavior to serve you ads. It doesn't force it to stop collecting that data, however.
Facebook also says it puts some limits on what information organizations can share, such as health and financial information. But it's unclear how well Facebook enforces the policies. Geoffrey found Facebook tracker code on a website for an HIV drug, for instance.
BYTES: Rep. Kathy Castor (D-Fla.), chair of the U.S. House Select Committee on the Climate Crisis, wrote to Alphabet chief executive Sundar Pichai yesterday demanding that the company remove videos that promote climate denial and misinformation from its YouTube platform. Earlier this month, a report from nonprofit group Avaaz found that YouTube's search algorithms direct millions of viewers to climate misinformation each day.
“I urge you to ensure that YouTube is not incentivizing climate misinformation content on its platform, or effectively giving free advertising to those who seek to protect polluters and their profits at the expense of the American people,” Castor wrote.
In addition to removing ad money from climate misinformation, Castor wants Google to “take steps to correct the record” for users who have been exposed to climate misinformation on YouTube. The Select Committee is requesting a response by Feb. 7.
Castor wrote to Pichai in October, calling on the company to end “investments in groups that are actively blocking progress on climate action and that are promoting climate denial.”
— News from the public sector:
-- Facebook has asked all employees to suspend "non-essential travel" to mainland China, per Centers for Disease Control and Prevention guidance. The company also asked employees who recently traveled there to work from home for a period.
"Out of an abundance of caution, we have taken steps to protect the health and safety of our employees," Stone, a Facebook spokesman, said in a statement.
-- Fight for the Future and Students for Sensible Drug Policy released a new scorecard today showing which colleges are using facial recognition, part of the groups' campaign to ban the technology from university campuses. More than 45 schools said they do not use the technology and have no plans to, and 30 schools didn't respond. George Washington University, Duke University, and American University declined to commit to boycotting the technology in the future.
— Tech news generating buzz around the Web:
- The Internet Education Foundation will host the 16th annual State of the Net Conference in Washington.
— Coming up:
- The House Energy and Commerce communications and technology subcommittee will hold a hearing on “Empowering and Connecting Communities through Digital Equity and Internet Adoption” on Wednesday at 10:30 a.m.
- The Brookings Institution will host an event exploring innovation strategies to counter regional economic divides on Wednesday from 9:30 to 11:30 a.m. The event will feature remarks from Steve Case, chairman of Revolution, and Judy Faulkner, CEO of Epic.
- New America’s Open Technology Institute will host an event titled “Privacy’s Best Friend: How Encryption Protects Consumers, Companies, and Governments Worldwide” on Feb. 4 at 12 p.m.
- Federal Trade Commissioners Noah Joshua Phillips and Rebecca Kelly Slaughter will address current technology policy issues during a panel conversation hosted by the Technology Policy Institute on Feb. 5 at 10 a.m.
- Silicon Flatirons will host its “Technology Optimism and Pessimism” conference Feb. 9 and 10 at the University of Colorado Law School in Boulder. Speakers include Federal Communications Commissioner Michael O’Rielly and Federal Trade Commissioner Rohit Chopra.
- Mobile World Congress takes place Feb. 24 to 27 in Barcelona.