- The two NFL teams playing in the Super Bowl this year saw their Twitter accounts compromised Monday, along with numerous other teams and the NFL itself.
- The incident may raise some concerns about security practices of major sports leagues and their teams, as those participating in events at large venues fall under increasing scrutiny from the Department of Homeland Security for their vulnerability to cyberattacks.
Hackers compromised Twitter accounts belonging to the National Football League and some of its most popular teams, including Super Bowl contenders the San Francisco 49ers and Kansas City Chiefs, in an apparent series of cyberattacks Monday.
The NFL released an update on the incidents Tuesday, saying in a statement, "Targeted breaches and additional failed attempts were discovered across the league and team accounts. The NFL took immediate action and directed the teams to secure their social media accounts and prevent further unauthorized access. Simultaneously, the league alerted the social media platform providers and, with their assistance, secured all league and club accounts. We continue to work diligently with the teams, which have resumed normal operations. The NFL and teams are cooperating with its social media platform providers and law enforcement."
The hackers taunted the NFL and the teams in messages saying they were "here to show people that everything is hackable," and promoted the hackers' security services via email and Twitter hashtags.
Accounts for the Chicago Bears, Green Bay Packers and Cleveland Browns, among others, were also taken over.
An organization known as "Our Mine," allegedly based in Saudi Arabia, took responsibility for the attack. Our Mine has executed similar, successful attacks against well-known and celebrity social media accounts in the past and uses the account takeovers to advertise its "services" as a security company.
However, account takeovers of this type are illegal in many jurisdictions, under laws that protect against identity theft, wire fraud or computer intrusion. Legitimate security companies do not advertise their services in this way.
The incident may raise some concerns about security practices of major sports leagues and their teams, as those participating in events at large venues fall under increasing scrutiny from the Department of Homeland Security for their vulnerability to cyberattacks. "Commercial Facilities," one of the 18 sectors categorized by DHS as "critical to the infrastructure of the United States," includes venues such as the Hard Rock Stadium in Miami, where this year's Super Bowl will be played Sunday.
For this reason, any successful compromise of teams playing in that event, including social media accounts managed by the teams, may draw federal scrutiny.
While it's not immediately clear how the league and team accounts were compromised, Twitter and other social media accounts can be reinforced if people who manage the accounts use multiple factors of authentication, rotate passwords and avoid phishing emails that may compromise their credentials.