The N.F.L. became the latest victim in a string of recent high-profile Twitter hoaxes and hackings after its verified account sent a series of tweets saying that Roger Goodell, the league’s commissioner, had died.
“We regret to inform our fans that our commissioner, Roger Goodell, has passed away. He was 57. #RIP,” the hoax tweet read.
Initially a flurry of posts expressing shock of the death went up after the tweet about Mr. Goodell, a polarizing figure in his 10 years as commissioner.
But others, battle-worn from days of recent Twitter hoaxes targeting celebrities like Jack Black, Mark Zuckerberg, Katy Perry and Drake quickly turned skeptical: Something just didn’t seem quite right about this one.
The tweet was quickly deleted — but the hacker (or hackers) doubled down.
“Oi, I said Roger Goodell has died,” an insistent follow-up tweet read. “Don’t delete that tweet.”
“The N.F.L. Twitter account was hacked,” Brian McCarthy, the league’s vice president of communications, said in an email. He added, “We have engaged law enforcement to look into the matter. We are reviewing and strengthening our cybersecurity measures.”
Mr. Goodell jokingly weighed in with a post on his personal Twitter account hours later.
Mr. Goodell most likely won’t be the last victim of what seems to be a spree of hackings committed by people who appear to be using leaked data to gain access to myriad social media accounts.
Indeed, minutes after the N.F.L. account was hacked, suspicious tweets began emanating from the singer Lana Del Rey’s account. (Like those sent from the N.F.L., those tweets were quickly deleted.)
While the N.F.L. hoax was deliberately used to spread bad information, the apparent breach against Ms. Del Rey resulted in the posting of gibberish and offensive statements similar to those in other hacks, including the one against Ms. Perry.
In a statement about the hacks, Twitter said: “A number of other online services have seen millions of passwords stolen in the past several weeks, and we know far too many people use the same password for multiple things online. We recommend people to use a unique, strong password for Twitter.”
It’s hard to say if the hoaxes were part of a coordinated attack on high-profile accounts, but the rapid-fire timing would suggest some planning. The millions of account names and passwords leaked in data breaches of social media platforms, including LinkedIn and Myspace, suggested that hackers are targeting accounts for which one password was used for multiple accounts.
In May, LinkedIn said that hackers were attempting to sell what they claimed were 117 million email addresses and passwords of its users, suggesting that a data breach in 2012 was much larger than initially thought.
“It’s quite possible that the LinkedIn breach is to blame again,” Graham Cluley, an online security expert and consultant, wrote in an email about the N.F.L. hoax. “Fundamental truth is that too many people reuse passwords, or have failed to enable two-step verification on their Twitter accounts.”
Further complicating the N.F.L. hoax was the fact that the hackers had breached an organization’s verified account, where death notices are frequently posted to a curious public.
One easy way to spot a hoax on Twitter is to check if the tweet had been posted using a different social media application than is usually used for that account. The N.F.L. usually tweets using social applications like Spredfast. The hoax tweet came from Twitter’s web client.
For their part, the hackers quickly responded when they realized they’d been caught: “OK, OK, you amateur detectives win. Good job.”
Source: New York Times