NFLPA Website Hacked; Player Data Exposed
In an article for Forbes by Thomas Fox-Brewster, he reports that the NFLPA’s website has been victim of a data hack in which as many as 1,135 NFL players (current and former) have had their data breached. Or was it even a hack-job at all?
According to Bob Diachekno, researchers from Kromtech Security Center found a publicly accessible database containing private information of NFL players and their agents on September 26. In what appears to be the first “hack” of the NFLPA, the irony is that it really wasn’t a hack at all in that the data found did not require a password or authentication – anyone could have viewed it. The company really needed to have website penetration testing services carried out to review how secure their data was because that’s ridiculous.
The information found included the contact information for the player (cell phone, email address, etc.) as well as that of their agents (which can currently be accessed via the NFLPA’s site anyway). However, the logs take it a step further and show the home address of the agents and players as well as the IP addresses that were used to sign in to the site.
What does this mean for the more than 1,000 people involved? Since contact information was released, you can likely expect to see reports of hate mail and/or potential harassment following certain players. Most notably in this data included the information for Colin Kaepernick and Robert Griffin III, both free agent quarterbacks and both have made recent headlines for anything but their football skills. Agents were alerted by the NFLPA saying that it was notified of the loophole and was taking measures to secure the information.