Is proper password management really necessary? Major League Baseball's Houston Astros recently learned the hard way that it absolutely is. The St. Louis Cardinals are currently under investigation for hacking into the Astros database and compromising data that included trade discussions, statistics and scouting reports.
Originally, Investigators believed that the Cardinals were able to access the information on the Astros system largely due to the fact that Jeff Luhnow, who formerly worked for the Cardinals, never changed his passwords when he left the St. Louis organization. Therefore, members of the Cardinals front office who had access to Luhnow's list of master passwords were able to access his new system in Houston. However, more recent information from MLBTradeRumors.com suggests that “the breach involved more than taking old passwords.” Additionally, Luhnow has denied the sentiment that his passwords have gone unchanged. In a recent statement Luhnow said,
“I absolutely know about password hygiene and best practices. I’m certainly aware of how important passwords are, as well as of the importance of keeping them updated. A lot of my job in baseball, as it was in high tech, is to make sure that intellectual property is protected. I take that seriously and hold myself and those who work for me to a very high standard.”
The Cardinals attack seems to be a "revenge" effort based on the belief that Luhnow took proprietary information from the Cardinals' data system and applied it to his new system in Houston. To this point, the St. Louis Cardinals organization has only released the following statement,
“The St. Louis Cardinals are aware of the investigation into the security breach of the Houston Astros’ database. The team has fully cooperated with the investigation and will continue to do so. Given that this is an ongoing federal investigation, it is not appropriate for us to comment further.”
Whether this attack was executed due to a lack of password security, this should serve as a reminder as to how important it is to take proper security measures when it comes to data protection. Something as simple as not taking the small amount of time it takes to change a password could be the root of a devastating blow to a business.
Important tips for password security
Don't let what happened to the Hosuton Astros happen to your clients. Make sure they understand the importance and repercussions of proper and improper password management. Some best practices to be teaching customers and employees include:
- Make sure password length is at least 8 characters
- Don’t use real words
- Use both upper and lower case characters
- Include numbers and special symbols when allowed
- Don’t use personal data
- Make patterns random and not sequential or ‘ordered’
For more on password security, be sure to check out our post on "Important Tips for Improving Password Security."
Although a security breach is never a laughing matter for those involved, it hasn't stopped some Major League Baseball fans from having some fun on social media. Check out some of the more entertaining responses to the latest sporting scandal.
By Lily Teplow
By Brian Downey
By Dave LeClair