Caught stealing? MLB team accused of corporate espionage

Many people think corporate espionage only deals with stealing plans for upcoming products or top-secret designs. But these days everyone can get in on the act: even our national pastime. 

It’s recently been revealed that at least one employee of the St. Louis Cardinals may have hacked into a rival team’s database that contained evaluations of players, potential trades and more.

At first, the attack was thought to be random. Now the FBI is opening an investigation into whether the Houston Astros’ “Ground Control” database was hacked by a member of the Cardinals organization.

How it happened

The attack was very low-tech. And the vulnerability that may have allowed it to happen is a familiar one to many companies.

Signs indicate that when several executives of the Cardinals took jobs with the Astros, an employee or employees of the Cardinals simply attempted to log on to the rival team’s systems using the same usernames and passwords that those executives had used on the Cardinals’ systems.

Evidently, it worked.

No one really needs a reminder that re-used passwords are a serious security threat. But this case shows just how easy it can be to gain access to a user’s account when passwords are used and reused.

(This is doubly true for standard passwords that are used by default on many devices, such as “password” or “admin.”)

Of course, a solid password policy could’ve helped discourage this weakness. But only if it was actually followed.

Other lessons learned

If you don’t think this incident will be the silver bullet that once and for all teaches all your users the importance of protecting valuable passwords, consider sharing some more notable things about this security breach with executives.

  1. Every company has valuable info. Player evaluations aren’t exactly nuclear secrets. But they are valuable to the Astros organization – and therefore, valuable to their rivals. All data needs to be protected, whether or not your organization is involved in high-profile dealings.
  2. Beware rogue employees. In the best case, this employee acted without his or her employer’s knowledge. But if he or she was willing to spy on a former co-worker, it indicates your own company may also be targeted.
  3. Hacks hurt everyone. The Cardinals will face major criticism as a result of this attack, no matter their level of involvement. The Astros are going to be equally embarrassed, as the leaked information included candid evaluations of their own employees, the players. Proving who was at the bottom of this doesn’t really matter: The damage is already done.
