Deciphering Security Trends in the Sports Sector

A preview of recent cyber threats

• A security lapse at Town Sports International affected almost a terabyte of sensitive data belonging to its customers. The unprotected server in question was exposed for almost a year before the firm took it offline.
• ArbiterSports paid off hackers to delete the stolen details of 540,000 sports referees. The database in possession of threat actors contained data from ArbiterGame, ArbiterOne, and ArbiterWorks web application.

A potential target for BEC fraud

• Apart from cyberattacks, sports clubs are a lucrative target for BEC scams wherein fraudsters try social engineering tricks to conduct fraudulent wire transfers or exfiltrate sensitive data.
• In July, fraudsters attempted to steal nearly $1.25 million on the pretext of transferring a player in the English Premier League.   

Security issues in fitness apps add more woes

• Amid the ongoing pandemic, fitness, and gym mobile applications have gained huge traction among gym enthusiasts and athletes. With the rising popularity, these apps are an easy target for threat actors as they possess a huge trove of sensitive user data.
• In a recent security incident, researchers discovered a privacy issue in Strava, a popular fitness app used by athletes, that exposed users’ information to nearby strangers. The issue stemmed from the information-sharing feature in the app.
• In mid-August, around dozens of fitness and gym apps using the vulnerable Fizikal API were found exposing personal data of thousands of users. Additionally, the vulnerabilities could be exploited to hijack an app account. 

Final words