Pestering hackers are at it again, this time compromising a number of Twitter accounts belonging to National Football League teams, to include the two Super Bowl contenders:

Hackers compromised Twitter accounts belonging to the National Football League and some of its most popular teams, including Super Bowl contenders the San Francisco 49ers and Kansas City Chiefs, in an apparent series of cyberattacks Monday.

The hackers taunted the NFL and the teams in messages saying they were “here to show people that everything is hackable,” and promoted the hackers’ security services via email and Twitter hashtags.

Accounts for the Chicago Bears, Green Bay Packers and Cleveland Browns, among others, were also taken over.

It is not like hacking Twitter accounts is all that difficult. Let us assume the malicious actors attempted to breach more than just Twitter, such as the teams corporate networks, and other online presence. Why have they only thus far been successful with Twitter?

This is largely due to many users not configuring Twitter for two-factor authentication with an authenticator app, such as 1Password, Google Authenticator, or Authy. Had these teams been using TFA there is a much greater chance this attack would not have been successful. I specifically called out the use of an authenticator app rather than SMS because the latter is vulnerable.

It will be interesting to see why only these five teams were selected out of the total thirty-two teams in the NFL today. I doubt it has anything to do with specific motivation to attack these teams, but more so because of lax security on those Twitter accounts.