Personal info of nearly 1,200 NFL players and agents exposed in NFLPA database breach.
Forbes has reported that the NFL Players Association has suffered a database leak, exposing the personal information of 1,133 NFL players and agents.
Most notably, Colin Kaepernick was among the players whose information was exposed as the result of a misconfigured online database operated by the NFLPA, per an internet security company.
Kaepernick, who was the target much scrutiny — including death threats — last year after kneeling during the national anthem, his way of bringing attention to police brutality and racial inequality. The leak included such information as his home address and cell phone number.. Kaepernick is not currently on an NFL roster.
News of the leak originally was received from Bob Diachenko of cybersecurity company Kromtech Security. He alerted Forbes last week that he’d run across an open Elasticsearch database in a NFLPA.com server. As a result of the misconfiguration, any data inside the server would be accessible to anyone who had the correct link. Diachenko warned that the database was compromised when he found it, with a ransom note left inside from this past February.
Someone left a message on the compromised NFLPA database asking for .01 BitCoin (about $427).
“IF PAYMENT IS NOT MADE WITHIN 120 HOURS WE WILL LEAK THE DATABASE TO PUBLIC.”
As of this week, no one has paid the ransomware demand.
There has been no statement from the NFLPA as of yet.