The same hackers have also gotten their mitts on social media accounts of other high-profile sporting targets
OurMine, the infamous hacker collective, hijacked the official Twitter accounts of FC Barcelona, the Olympics and the International Olympic Committee (IOC) on Saturday. The La Liga soccer giant, for one, also ran afoul of the group in 2017, when it had both its Facebook and Twitter accounts defaced.
OurMine have hacked the official Barcelona and Olympic Twitter accounts and posted these tweets ?? pic.twitter.com/1WEzLemTvl
— UTFR ?? (@ManUtd_HQ) February 15, 2020
A Twitter spokesperson confirmed for Business Insider that, much like in the previous incidents, the hack occurred via a third-party platform. Twitter took action and locked the accounts as soon as it became aware of the issue.
In a separate statement, an IOC spokesperson confirmed that they are investigating the breach into their social media accounts.
FC Barcelona took to Twitter to acknowledge the attack and announce that it will be conducting a cybersecurity audit and reviewing its protocols.
FC Barcelona will conduct a cybersecurity audit and will review all protocols and links with third party tools, in order to avoid such incidents and to guarantee the best service to our members and fans. We apologise for any inconvenience this situation may have caused.
— FC Barcelona (@FCBarcelona) February 15, 2020
Meanwhile, the hacking group hinted at Neymar’s possible return to the Blaugranas squad, claiming it read through some of the team’s private correspondence. In a now-deleted series of tweets, OurMine also mocked the Spanish soccer team for falling victim to the same type of attack twice.
The hacker collective also made headlines earlier this year, when it hijacked the official Twitter accounts of 15 NFL teams and the league itself. Just days ago, OurMine also broke into the Twitter and Instagram accounts for Facebook and Messenger.
Keep your eye on the ball
Account takeover attacks typically leverage credential stuffing, an automated method that deploys bots for login attempts. Using leaked or stolen access credentials from data breaches, the bots will then hammer the sites with multiple login attempts until one of the combinations pans out.
To lower the chances of having your account hacked or taken over, we suggest using two-factor authentication (2FA), if the option is supported. Many services offer 2FA as an extra layer of security to protect you from account takeover attacks.
Facebook, Instagram, and Twitter all offer several 2FA methods, but if you’re not sure if your service of choice offers such an option you can check here. The second authentication factor offers a valuable additional layer of protection in exchange for very little effort – our recent article can teach you the ropes of 2FA.