NBA fans are being warned their data might have been hacked
Fan names and email addresses stolen, NBA says
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Basketball fans interested in getting regularemailupdates from the NBA may have had some of their personal data stolen, the body has confirmed.
The NBA has sent out a “Notice of cybersecurity incident” to an “unknown number” of fans,BleepingComputerreported.
In the notice, the organization said that some fans who were signed up foremail marketing servicessuch as newsletters may have had their names and emails taken by an unknown threat actor. This data was kept by a third party newsletter service tasked with sending out email notifications and news.
Passwords are safe
“We recently became aware that an unauthorized third party gained access to, and obtained a copy of, your name and email address, which was held by a third-party service provider that helps us communicate via email with fans who have shared this information with the NBA,” the NBA said.
Other data remains secure, the organization added: “There is no indication that our systems, your username, password, or any other information you have shared with us have been impacted.”
This information suggests it was clearly a supply-chain attack, however, the NBA did not say who the targeted third party is, nor how it was breached.
It did warn its users that whoever obtained this data can now use it in phishing andidentity theftattacks:
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Top background check services hit by data breach>What is a data breach scanner, how does it work, and why does your business need one?>Check out the best privacy tools right now
“Given the nature of the information, there may be heightened risk of you receiving ‘phishing’ emails from email accounts appearing to be affiliated with the NBA, or of being targeted by other so-called ‘social engineering’ attacks (where an individual seeks to trick the target into sharing confidential information or otherwise taking actions contrary to his or her own interest,” the NBA said.
The organization concluded the update by saying that the NBA will never ask its fans for any type of account information.
To be on the safe side, it added, fans are urged to be on the safe side whenever getting an email that seems to be from the NBA. They can do that by making sure the email was sent from an @NBA address, and that any links shared in the email point to a trusted website. Finally, fans are advised to never open email attachments they weren’t expecting to receive.
Via:BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
This new phishing strategy utilizes GitHub comments to distribute malware
Should your VPN always be on?
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
