Over 500k ArbiterSports Accounts Allegedly Breached

ArbiterSports is an application and a service used by sports officials in college, school and youth football in the USA. According to reports, the platform has been breached and 500 thousand user accounts have been exposed in the wake of the attack.

The breach was a significant event because the affected accounts contained a lot of personally identifiable information, including names, dates of birth, emails, addresses and Social Security numbers of the users. ArbiterSports sent a disclosure letter to its users, informing them of a security breach that took place in mid-July. The company became aware of the attack on July 15, 2020. The initial hack, however, likely took place around two weeks prior.

A total of 539 thousand accounts were affected by the hack, and official documents filed with the Indiana Attorney General's office confirm that there was significant personal information contained in the leaked accounts. ArbiterSports stated that it contacted the bad actors behind the attack and that the criminals demanded a monetary ransom, promising they would delete the stolen account information. Again, according to the company, some sort of ransom agreement was reached and the ransom was paid. In return for the payment, ArbiterSports stated that it received "confirmation" that the hackers deleted the files and information.

This handling of the situation did not make the best impression, as ArbiterSports essentially took a group of cybercriminals at their word that they had deleted valuable stolen information. A Medium article was later published that leveled strong criticisms against the company for its approach to the attack and the ransom demand. The article strongly implies that ArbiterSports was not storing passwords in hashed format and was using poor encryption for the Social Security numbers of users.

Similar data breaches happen more or less on a daily basis across different websites, apps, services and platforms. Once your info leaks from a database, you cannot do much apart from changing your passwords as quickly as possible or even closing that account entirely. There are, however, a few things you can do before any potential breach happens.

Always use additional protection if the platform offers it

A lot of websites and apps offer their users two-factor authentication in the form of text messages, additional emails or an extra app on your mobile phone that is used for extra verification. Always make sure to use this extra layer of security and protection on any platform that offers it.

Use strong and complex passwords

A good rule of thumb is to always use complex, compound password strings that contain a healthy mix of uppercase and lowercase letters, digits and special symbols. The sheer number of possible combinations that all those different characters open up makes such passwords virtually impossible to brute-force.

September 28, 2020