fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Two Charged For Hacking NBA, NFL Players’ Social Media Accounts

Two Charged For Hacking NBA, NFL Players’ Social Media Accounts

The US Department of Justice charged two men for their involvement in the fraudulent takeover of email and social media accounts owned by multiple National Football League (NFL) and the National Basketball Association (NBA) athletes.

Between December 2017 and April 2019, Trevontae Washington from Louisiana and Ronnie Magrehbi from Florida allegedly compromised and took over Facebook, Twitter, Instagram, and Snapchat social media accounts of several professional and semi-professional football and basketball players employed by the NFL and the NBA.

The two men were charged with one count of conspiracy to commit wire fraud (maximum 20 years in prison and a fine of up to $250,000) and one count of conspiracy to commit computer fraud and abuse (maximum five years in prison and a fine of up to $250,000).

Compromised accounts used for extortion

While Washington only sold access to the compromised accounts to others to further exploit them for various amounts ranging from $500 to $1,000, Magrehbi also extorted the NFL player whose Facebook, Twitter, Instagram, and Snapchat accounts he managed to take over.

“Magrehbi extorted the player, demanding payment in return for restoring access to the accounts,” a DoJ press release published today explains.

“The player sent funds on at least one occasion, portions of which were transferred to a personal bank account controlled by Magrehbi, but never regained access to his online accounts.”

Washington and Magrehbi used the same tactic to gain access to the NFL and NBA players’ accounts: they contacted them via Instagram direct message with a “clickable link to a Facebook site that purported to solicit community support from professional athletes” according to the two criminal complaints [12].

Once the victims clicked the link on their personal smartphones, they were brought to what seemed like a Facebook login page.

After entering their credentials to login on the social media platform, they were locked out of multiple social media accounts including Facebook, Twitter, Instagram, and Snapchat.

Also Read: PDPA Breach Penalty Singapore: How Can Businesses Prevent

NFL teams’ social accounts hijacked earlier this year

Social media accounts of NFL teams and of the league itself have also been targeted earlier this year by the OurMine hacking crew who successfully managed to take them over briefly in January 2020 after two years of inactivity.

As BleepingComputer reported at the time, OurMine targeted and hijacked the Twitter, Facebook, and/or Instagram accounts of the NFL and the following 15 NFL teams with a combined number of tens of millions of followers: Dallas Cowboys, Buffalo Bills, Houston Texans, Minnesota Vikings, Chicago Bears, Kansas City Chiefs, Green Bay Packers, Arizona Cardinals, Cleveland Browns, Denver Broncos, Indianapolis Colts, New York Giants, Philadelphia Eagles, San Francisco 49ers, and Tampa Bay Buccaneers.

The hackers were able to take over these social media accounts in just over two hours and then moved to hijacking the accounts of other high-profile victims including but not limited to Enrique Hernández (second baseman for L.A. Dodgers), Matt Raub (director, producer, writer), and Eduardo Saverin (Facebook co-founder).

Also Read: 7 Simple Tips On How To Create A Good Business Card Data

Social media users can secure their accounts from takeover attempts by enabling two-factor authentication (2FA) and paying closer attention to suspicious login pages.

OurMine is known for taking over accounts of high-profile companies and tech execs without 2FA protection using leaked credentials as part of previous data breaches.

BBC, New York Times, Netflix, Sony Music Global, National Geographic, Sundar Pichai, Jack Dorsey, and many other companies and tech execs are among their victims since 2016 when they took over the social media accounts of Facebook founder Mark Zuckerberg‘s Twitter, LinkedIn and Pinterest accounts.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us