The Twitter account of FC Barcelona has been hacked by
the OurMine group, who had time enough to post sensitive information, seemingly
taken from private messages.
After OurMine took control of the account, they said
private messages on the platform indicate Neymar might be returning to the
team. The footballer left FC Barcelona in 2017, so it would be big news if he returned,
not to mention that this would be the worst way to make such an important
announcement.
Losing access to Twitter accounts is nothing new for
individuals or companies. Accounts are usually taken over via a technique
called credential stuffing. Companies and large organizations use analytic
tools that allow them to better measure the impact of their posts. Such
third-party tools don’t have the same kind of security, and usually have direct
access to the account.
Hackers get a hold of user names and passwords through
various leaks, then try them on various services. A bad tendency among people to
reuse credentials on multiple online services doesn’t help. Of course, the use
of a multi-factor authentication solution would have been great, but it’s
unclear whether such protection was deployed.
“FC Barcelona’s Twitter accounts have been hacked,
which is why messages from outside our club have appeared, and which have been
reported and deleted. The tweets were made through a third-party tool for data
analytics,” the club wrote on
Twitter.
“FC Barcelona will conduct a cybersecurity audit and
will review all protocols and links with third-party tools, in order to avoid
such incidents and to guarantee the best service to our members and fans,” it said.
“We apologize for any inconvenience this situation may have caused.”
As you might have noticed, they said nothing about the
supposedly leaked information, which is actually the best you can do in these
situations, whether it was true or not. Furthermore, this is the second time
this has happened. The previous time was in 2017 — by the same group.