Cyberattackers Hoop NBA Fan Data via Third-Party Vendor

The basketball playoffs are around the corner and convincing social-engineering attacks on fans using NBA-themed lures could be too.

Dark Reading Staff, Dark Reading

March 20, 2023

1 Min Read
The homepage of the NBA website for fans
Source: NetPhotos via Alamy Stock Photo

As it moves into the final stretch of its regular season, the National Basketball Association said over the weekend that "an unauthorized third party" netted a database filled with the names and email addresses of fans.

The data was housed by a newsletter service that it partners with, the NBA noted in a letter to those affected — an all-too-common instance of the risk that third-party vendors can represent for organizations if their security isn't properly vetted.

For the affected fans of the sport, they now have more to deal with than just handicapping the playoff picture. While account credentials, phone numbers, and other sensitive information were not included in the heist, they should still expect targeted email phishing attacks related to NBA topics, the NBA warned in the letter, which was tweeted out by one recipient. Those could include messages appearing to relate to office pools and other business-themed attacks.

"Even though the information did not contain much sensitive information, by using a name and email address, along with the knowledge that this individual has an interest in the NBA, social engineers could put together a much more appealing phishing attack than if they had none of this information," Erich Kron, security awareness advocate at KnowBe4, said in an emailed statement.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights