Cyberattackers Hoop NBA Fan Data via Third-Party Vendor
The basketball playoffs are around the corner and convincing social-engineering attacks on fans using NBA-themed lures could be too.
As it moves into the final stretch of its regular season, the National Basketball Association said over the weekend that "an unauthorized third party" netted a database filled with the names and email addresses of fans.
The data was housed by a newsletter service that it partners with, the NBA noted in a letter to those affected — an all-too-common instance of the risk that third-party vendors can represent for organizations if their security isn't properly vetted.
For the affected fans of the sport, they now have more to deal with than just handicapping the playoff picture. While account credentials, phone numbers, and other sensitive information were not included in the heist, they should still expect targeted email phishing attacks related to NBA topics, the NBA warned in the letter, which was tweeted out by one recipient. Those could include messages appearing to relate to office pools and other business-themed attacks.
"Even though the information did not contain much sensitive information, by using a name and email address, along with the knowledge that this individual has an interest in the NBA, social engineers could put together a much more appealing phishing attack than if they had none of this information," Erich Kron, security awareness advocate at KnowBe4, said in an emailed statement.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024