Security News > 2020 > February > FC Barcelona Suffers Likely Credential-Stuffing Attack on Twitter

Just ahead of its Champion's League Round of 16 appearance next week, FC Barcelona's official Twitter account was hacked in an apparent credential-stuffing attack.

"FC Barcelona's Twitter accounts have been hacked, which is why messages from outside our club have appeared, and which have been reported and deleted," the team announced on Twitter once it regained control of its social-media presence.

Security firm ESET noted in a posting this week that this is likely what happened to FC Barcelona.

"While multi-factor authentication is not foolproof, it causes a significant amount of additional work for the attackers so they are more likely to move on to easier targets," said Erich Kron, security awareness advocate at KnowBe4, via email.

"Any MFA solution can be hacked. I can hack different MFA solutions 48 different ways and any particular solution at least six different ways. So, while it is usually good to recommend that people use MFA to protect their confidential information it's just as important to educate them that MFA isn't 100-percent effective. They still have to be aware that phishing emails can bypass their MFA devices and getting tricked into going to a fraudulent website is very likely damaging without or without MFA being used."

News URL

https://threatpost.com/fc-barcelona-credential-stuffing-twitter/152994/