"Ready. Set. Hut, hut, hack!"
A security company says it found a misconfigured Elasticsearch database that tracked activity on a variety of NFL related domains and it appears to have been previously visited by hackers.
"The exposed log records show NFL Player information and their agent's information, such as emails, mobile phone numbers, home address of agents and players and IP addresses which were used to sign-in and access the dashboard," says Bob Diachenko of Kromtech Security.
The company's security researchers give lots of details in their analysis of the NFLPA data leak, and believe that 1,133 players and agents had personal details exposed. This reportedly includes some of the biggest current and former names in the NFL.
They believe hackers attempted to lock the database and then left a ransom note demanding Bitcoin—but the lockup apparently failed.
Instead, the player and agent information continued to be unsecured.
"This appears to be the first data leak of NFL player data," Diachenko says. "And the most ironic part is that no hacking was involved and the data required no password or authentication."
SecureWorld has reached out to the National Football League Players Association (NFLPA) for comment.
