Hundreds of NFL Players' Personal Information Exposed Via Unsecured Database

Photo: © AP Photo / Ron Jenkins. Dallas Cowboys wide receiver Terrance Williams (83) looks at the ball after Williams dropped a pass in the end zone on a two-point conversion attempt late in the second half of an NFL football game against the Los Angeles Rams on Sunday, Oct. 1, 2017, in Arlington, Texas.
The personal contact information of nearly 1,200 NFL players, including free agent players and sports agents, wound up exposed in an unsecured, publicly accessible database, a cybersecurity company revealed Monday.

The information, accessed from an open Elasticsearch database hosted on a server for the NFL Players Association (NFLPA), included email addresses, mobile phone numbers and home addresses of players and agents.

Bob Diachenko, the chief communications officer at cybersecurity company Kromtech Security, discovered on September 26 that roughly 1,133 NFL players and agents had their information exposed.


In total, the International Business Times reports that 1,262 email accounts belonging to both players and agents, including 75 email addresses linked to the NFLPA, were leaked. The outlet revealed that some of the emails contained information about adviser fee percentages.

The Times indicated that while not all information belonging to current players was leaked, several free agents, including Colin Kaepernick, Robert Griffin III and Darrelle Revis were affected.

Diachenko said in a statement Monday that "anybody with internet connection could have accessed the data," adding that the incident is the "first data leak of NFL player data."

Per the official's initial analysis, there technically was "no hacking" because the database "required no password or authentication."

With the database now secured, the association has since alerted all affected parties to the incident.

"We have worked with cybersecurity experts at Microsoft and our database consultant to determine the extent of the improper access. We are confident that it was limited to a two-hour period last week," the NFLPA wrote in an email, obtained by Forbes. "We want to emphasize that no information about you or your player's Social Security Number or finances was in the data. Also, we are directly informing all players involved."

"In addition to our work with Microsoft, we are engaging an independent firm to do a full review of all our cyber security measures," the email concluded.

And yet, while the NFLPA says the exposure "was limited to a two-hour period," Diachenko says otherwise. Evidence shows that the information was first compromised back in February 2017.

Citing a ransom note left by cyber criminals, Diachenko noted that administrators were instructed eight months ago to place 0.1 Bitcoin, approximately $429 at the time, into a Bitcoin wallet. The note gave officials 120 hours to meet the demand; otherwise, the information would be released to the public.

The officials never responded and the apparently chill criminals reportedly were not true to their word.

The Elasticsearch database at the center of the issue is used to collect data for tracking and analyzing user activity on several NFL domains, according to Diachenko.
