Connecticut Office CALL US AT (203)-295-5050 | New York Office (646)-693-1950
Home - Article

Featured Article

October 03, 2017

NFLPA Database Leak: 1,200 NFL Players Affected


Recently, researchers from the Kromtech Security Center have identified a publically accessible database that contained the private information of NFL players and their agents.

This misconfigured Elasticsearch database was used to collect data from Orchard Audit module that is tracking/analyzing user activity on a number of NFL related domains (mostly, nflpa.com) and sending back to the Elasticsearch for analysis. ORCHARD CMS is a free, open source, community-focused Content Management System.

Elasticsearch nodes and indices were visible on Shodan, a public IoT search engine. Moreover, specific indices content are also viewable via a browser, so anybody with Internet connection could have accessed the data (and, as ‘pleasereadthis’ index says, somebody with malicious intents has already seen it).

The following information has been linked:

·         Total log records amount: 573,368

·         Records from 2017 - “audit-orchard-prod” total -406,284 : creation date: 2017-02-03

·         Emails (agent + player) - 1,262 records

·         75 @nflpa.com emails

·         Agents/managers IP addresses

·         Players physical address

·         Players mobile phone numbers

·         Designated Payee number codes

·         Advisor fee percentages

·         68 Urls or pages within the domain

·         22,974 Hashes (widely used in computer software for rapid data lookup)

·         26,271 IP Addresses -related to signed-in users and login locations

While there is no way to ensure you are 100% free from hacks, there are steps every company should take to minimize the risk of attack:

1.    Cybersecurity training is crucial.

2.    Auditing and documentation must be performed regularly to ensure systems are secure.

3.    Anomaly detection should be running constantly to detect threats as they emerge.

4.    Penetration testing shows if systems can easily be reached from the outside. Here is a case where this test might have saved two company’s’ reputations from being destroyed.

5.    Network forensics for when a breach eventually occurs. The bad guys always seem to get in eventually.

6.    An action plan to follow when a breach does occur. Once it happens, few will have the clear heads needed to “wing it” correctly. Equifax botched it’s response in what is being called a PR catastrophe.

If companies – regardless of size, start realizing cybersecurity is a business issue, they will be far more prepared for the inevitability of a breach and be able to respond quickly to minimize damage to the business. The tools above should be used by all companies and an outside firm is 100% necessary to check on any in-house workers to ensure the company’s crucial information is being secured properly.


 

Apex Technology Services
Choose from comprehensive, affordable solutions for IT consulting, network services and computer help desk support in Fairfield county including Norwalk, Darien, Stamford, Greenwich, Ridgefield and Bridgeport. Also Westchester county including Rye, New Rochelle, White Plains, Yonkers and New York including Manhattan and the five boroughs.
IT SERVICES

IT SERVICES

Apex Technology Services is a cutting edge MSP offering quality IT support to financial, medical, legal, Fortune 500 and government agencies while adhering to the highest of quality...

LEARN MORE
CYBERSECURITY Services

CYBERSECURITY

Apex Technology Services has the cybersecurity expertise to help your business in a world filled with attackers looking to shut down your business hold it ransom or steal your valuable...

LEARN MORE
CLOUD SERVICES

CLOUD SERVICES

Apex Technology Services delivers a combination of traditional IT functions such as infrastructure as a service (IaaS), applications, software, security, monitoring, storage...

LEARN MORE

Ranked Top 10 Network security Solution Provider

One Stop Shop For All Your Technology Needs


Contact us Now!