Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Network Security, Security Strategy, Plan, Budget, Threat Management, Threat Management, Threat Management, Governance, Risk and Compliance, Compliance Management, Privacy, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Top NFL prospect Tunsil free falls in draft after apparent hacker posts damaging video, texts

Minutes before the NFL Draft commenced in Chicago on Thursday, an apparent hacker accessed the Twitter account of top prospect Laremy Tunsil and posted an old video of the Ole Miss player smoking from a bong, damaging his value and creating a domino effect that impacted multiple teams' strategies.

Immediately following the draft, the hacker apparently struck again, this time accessing Tunsil's Instagram account to post what appears to be a text conversation between the player and Ole Miss assistant athletic director for football operations John Miller, in which Tunsil asks for money to pay off his mother's water and electric bill. Because collegiate players are not allowed to receive funds from their teams, observers speculated that a further NCAA investigation is possible.

Widely considered the most talented player available, Tunsil, an offensive tackle, was expected to be a top-five pick, but instead dropped to the 13th spot, where the Miami Dolphins snatched him up. The freefall, albeit a brief one, still cost him millions of dollars, due to the NFL's rookie salary system.

Tunsil had the unauthorized tweet deleted and subsequently posted an apology. Still, the hack appeared to harm Tunsil's draft stock, especially after the Baltimore Ravens, sitting in the number-six slot, drafted fellow tackle Ronnie Stanley from Notre Dame. The difference between being drafted sixth and 13th is around $8 million, based on reported 2016 projections.

At a press conference at the draft, Tunsil verified that the tweeted photo of him wearing a gas mask while smoking a bong was authentic, saying it dated back about two years ago. “Somebody hacked into my account, man. You know, I made that mistake several years ago and somehow somebody got in my photos and hacked my Twitter account and apparently somebody just hacked my Instagram account. So man it's getting crazy. I can't control it, man,” said Tunsil during the conference.

At first, Tunsil denied receiving money from Ole Miss staff, but when asked again if funds ever exchanged hands, he responded, “I would have to say yeah.” Shortly thereafter, a woman escorted Tunsil from the room.

Various reports have surfaced speculating who might be the culprit behind the hack. Deadspin reported that an anonymous tipster earlier this month attempted to sell them the video of Tunsil. Other reports pointed to a disgruntled, fired financial adviser. Meanwhile, the lawyer for Tunsil's estranged stepfather, who previously filed a lawsuit against Tunsil, denied any involvement by his client.

The bizarre turn of events was a cruel reminder that public figures such as athletes and celebrities are especially appealing targets for hackers looking to expose their dirty laundry, blackmail them or invade their privacy. The issue is serious enough that certain talent agencies even offer guidance to clients on responsible social media management. Some athletes and celebrities will even outsource their personal postings to a contracted social media management company, which then bears at least partial responsibility for keeping the account secure.

“What we'll do is, we advise them on how to pick strong passwords, and things to avoid when picking passwords like their name dog's name, or mom's name — things that could easily be socially engineered,” said an anonymous source at a sports agency, in an interview with SCMagazine.com.

The source said that the agency recommends password generation and management apps to clients, and also explains how to responsibly secure one's phone with strong PIN codes. The expert also noted how important it is for celebrities to always maintain possession of their phones, and not allow any friends or entourage members to access it.

If a client's account does get hacked, the agency has a contact person at the major social media platforms to quickly mitigate the attack. “We'll immediately reset the password and we'll…go through post by post to understand what was the last good post, and then delete all the offensive ones in the middle,” the source said.

When the platform deletes a post, it is permanently deleted, as opposed to merely cached in memory, where it can still potentially be accessed.

SCMagazine.com contacted the NFL Players Association to see if the labor organization providers players with any additional guidance, but has not received a response back. The anonymous source did say that players associations in many sports tend to recommend that their members eschew social media altogether — advise that the expert said is “not realistic.”

UPDATE 5/3: Palm Beach Post reporter Andrew Abramson has reported on Twitter that the Miami Dolphins suspect it was a former financial adviser who sabotaged Tunsil's social media accounts.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.
Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds