Colin Kaepernick is certainly a headline maker and his name is making tech headlines today. It’s been revealed that Colin Kaepernick and 1,135 other NFL players have had some of their personal data leaked. It seems the NFL Players Association website had some misconfiguration on their part which allowed some personal data to be seen, including cell phone numbers and physical addresses. Security experts are warning that hackers may now have all of that information in their hands. Bob Diachenko of Kromtech Security first reported the news and spoke to Forbes last week.
He told Forbes late last week that he’d come across an open Elasticsearch database sitting on a server for NFLPA.com. Thanks to a misconfiguration, all the data inside was accessible to anyone who knew the right link, he said. Diachenko warned the database was already compromised when he found it, with a ransom note left inside in February this year.
According to Forbes, hackers did find the database and attempted to lock it down and demand a ransom for its contents. The strange thing is, the hackers only requested 0.1 bitcoin in payment ($428USD). Either they didn’t know what they had on their hands or they’re not really that needy. Forbes has tried to contact the NFL Players Association but has gotten no response. The NFLPA did, however, send a message out letting agents know the database has been secured.
“We have worked with cybersecurity experts at Microsoft and our database consultant to determine the extent of the improper access. We are confident that it was limited to a two-hour period last week,” the NFLPA wrote in its email, which was passed to Forbes by an agent who asked to remain anonymous. The message confirmed players’ home addresses, mobile numbers, email addresses, colleges, dates of birth and agent fees were included in the exposed data.
“We want to emphasize that no information about you or your player’s Social Security Number or finances was in the data. Also, we are directly informing all players involved,” the email noted. “In addition to our work with Microsoft, we are engaging an independent firm to do a full review of all of our cybersecurity measures.”
Colin Kaepernick nor anyone in his camp has made a comment on the matter. For now, it seems the database is secure again, but someone certainly has that information out there somewhere.Source: Forbes