Top sports tech firm TrackMan fails to protect user info
New research finds that sports analytics technology company TrackMan has unknowingly exposed sensitive customer data. The research was undertaken by security analyst Jeremiah Fowler, who is known for tracking down unprotected databases, and it uncovered exposed data that he determined belonged to TrackMan.
The research finds that the 110 TB of data, which belonged to about 32 million TrackMan users, was reportedly not password-protected or encrypted. The sensitive customer data included names, email addresses, IP addresses, and security tokens – information that could be leveraged for identity theft, phishing, and other malicious activities.
Unsecured database and ramifications
Fowler reached out to TrackMan with his discoveries, and the company restricted public access that very day. However, it is not known how long the data was accessible to the public or whether anyone has already used it. It is also yet to be determined whether TrackMan or a third party manages this database.
TrackMan is a technology company that specialises in sports analytics, especially golf and baseball. The company’s solutions are used by Golf Channel, BBC, and CNN World. Using radar and imaging technology, the company tracks the trajectory and performance of balls and players with great precision. TrackMan’s insights are used by athletes, coaches and teams to improve performance in ball speed, launch angle, or spin rate.
Unsecured databases are one of the main causes of data breaches and leaks. They are often unintentionally exposed to the internet as a result of deployment or configuration errors. Without basic security features like encryption or password protection they become easy targets, and hackers can readily find them using web scanners and automated programs. Because these databases can often be accessed without getting past any security measures, they are extremely susceptible to unwanted access.
When hackers find such databases, the ramifications can be severe: businesses may experience financial losses, regulatory fines, reputational damage, and loss of customer trust. Lawsuits, compliance violations and operational disruptions could also follow.