A misconfigured database containing records belonging to 1,133 National Football League players and their agents was exposed via an unsecured Elasticsearch server. The database belongs to the NFL Players Association and includes the home address, phone numbers and IP addresses for hundreds of current and former players.
Kromtech Security Center, which made the discovery on Sept. 26, said the database had been breached by an adversary who left behind a “pleasereadthis” file that demanded 0.1 bitcoin ($440) or the database would be made “public” within 120 hours. The ransom was never paid and the NFL Players Association has since secured the data, according to Kromtech.
Leave a reply
