NBA fans are being warned their data might have been hacked

News
By Sead Fadilpašić
published

Fan names and email addresses stolen, NBA says

Stephen Curry #30 of the Golden State Warriors reacts after the Phoenix Suns missed a basket
(Image credit: Getty Images / Ezra Shaw)

Basketball fans interested in getting regular email updates from the NBA may have had some of their personal data stolen, the body has confirmed.

The NBA has sent out a “Notice of cybersecurity incident” to an “unknown number” of fans, BleepingComputer reported. 

In the notice, the organization said that some fans who were signed up for email marketing services such as newsletters may have had their names and emails taken by an unknown threat actor. This data was kept by a third party newsletter service tasked with sending out email notifications and news.

Passwords are safe

"We recently became aware that an unauthorized third party gained access to, and obtained a copy of, your name and email address, which was held by a third-party service provider that helps us communicate via email with fans who have shared this information with the NBA," the NBA said. 

Other data remains secure, the organization added: "There is no indication that our systems, your username, password, or any other information you have shared with us have been impacted."

This information suggests it was clearly a supply-chain attack, however, the NBA did not say who the targeted third party is, nor how it was breached. 

It did warn its users that whoever obtained this data can now use it in phishing and identity theft attacks: 

Read more

> Top background check services hit by data breach

> What is a data breach scanner, how does it work, and why does your business need one?

> Check out the best privacy tools right now

"Given the nature of the information, there may be heightened risk of you receiving 'phishing' emails from email accounts appearing to be affiliated with the NBA, or of being targeted by other so-called 'social engineering' attacks (where an individual seeks to trick the target into sharing confidential information or otherwise taking actions contrary to his or her own interest," the NBA said.

The organization concluded the update by saying that the NBA will never ask its fans for any type of account information. 

To be on the safe side, it added, fans are urged to be on the safe side whenever getting an email that seems to be from the NBA. They can do that by making sure the email was sent from an @NBA address, and that any links shared in the email point to a trusted website. Finally, fans are advised to never open email attachments they weren’t expecting to receive. 

Via: BleepingComputer

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.