MSP Blog Logo

BDR

Business Growth

Cybersecurity

Help Desk

MDM

RMM

Sales & Marketing

Subscribe

Empowering Your MSP Business to Grow and Prosper—One Post at a Time

5 Ways to Improve Your MSP Service Level Agreement (SLA)

Featured Post

5 Ways to Improve Your MSP Service Level Agreements (SLAs)

SLAs are the foundation of your MSP business. They are essential to building strong client relationships and must be clear, reasonable and well-constructed.

Read Now

Houston Astros Hacked by Members of St. Louis Cardinals

Posted June 18, 2015by Ben Barker

Astros_Hacked_by_Cardinals.jpg


Is proper password management really necessary? Major League Baseball's Houston Astros recently learned the hard way that it absolutely is. The St. Louis Cardinals are currently under investigation for hacking into the Astros database and compromising data that included trade discussions, statistics and scouting reports. 

Originally, Investigators believed that the Cardinals were able to access the information on the Astros system largely due to the fact that Jeff Luhnow, who formerly worked for the Cardinals, never changed his passwords when he left the St. Louis organization. Therefore, members of the Cardinals front office who had access to Luhnow's list of master passwords were able to access his new system in Houston. However, more recent information from MLBTradeRumors.com suggests that “the breach involved more than taking old passwords.” Additionally, Luhnow has denied the sentiment that his passwords have gone unchanged. In a recent statement Luhnow said,

“I absolutely know about password hygiene and best practices. I’m certainly aware of how important passwords are, as well as of the importance of keeping them updated. A lot of my job in baseball, as it was in high tech, is to make sure that intellectual property is protected. I take that seriously and hold myself and those who work for me to a very high standard.”

The Cardinals attack seems to be a "revenge" effort based on the belief that Luhnow took proprietary information from the Cardinals' data system and applied it to his new system in Houston. To this point, the St. Louis Cardinals organization has only released the following statement,

“The St. Louis Cardinals are aware of the investigation into the security breach of the Houston Astros’ database. The team has fully cooperated with the investigation and will continue to do so. Given that this is an ongoing federal investigation, it is not appropriate for us to comment further.”


Whether this attack was executed due to a lack of password security, this should serve as a reminder as to how important it is to take proper security measures when it comes to data protection. Something as simple as not taking the small amount of time it takes to change a password could be the root of a devastating blow to a business.


Important tips for password security

Don't let what happened to the Hosuton Astros happen to your clients. Make sure they understand the importance and repercussions of proper and improper password management. Some best practices to be teaching customers and employees include:

  1. Make sure password length is at least 8 characters
  2. Don’t use real words
  3. Use both upper and lower case characters
  4. Include numbers and special symbols when allowed
  5. Don’t use personal data
  6. Make patterns random and not sequential or ‘ordered’

For more on password security, be sure to check out our post on "Important Tips for Improving Password Security."


Fan Reactions

Although a security breach is never a laughing matter for those involved, it hasn't stopped some Major League Baseball fans from having some fun on social media. Check out some of the more entertaining responses to the latest sporting scandal.


Top Security and Compliance Issues and How to Approach Them Navigate 2014 Session

Ben is a graduate of Emerson College and a huge Boston sports fan.

RMM 101: Must-haves for Your IT Management Solution
MSP Guide to Managed Services SLAs  [white paper]
comments powered by Disqus