The personal data of more than 1,100 NFL players and agents was exposed as the result of a misconfigured online database, a cybersecurity company has revealed.
Bob Diachenko, the chief communications officer for Kromtech Alliance, wrote in a blog post on the company’s website Monday that researchers had identified a publicly accessible database with players’ and their agents’ private information.
The database, operated by the NFL Players Association, could have been accessed by “anybody with Internet connection,” Diachenko wrote in the blog post.
{mosads}
He also said that researchers had discovered that the server had been the victim of a ransomware attack, with hackers attempting to lock up the information and require a payment of 0.01 BitCoin — worth about $427 — to unlock it.
“IF PAYMENT IS NOT MADE WITHIN 120 HOURS WE WILL LEAK THE DATABASE TO PUBLIC,” a ransom message left inside the database read.
So far, it does not appear that anyone has paid the ransomware demand.
Forbes first reported the private data exposure, which affected 1,133 players and agents.
Among the players whose information was exposed was former San Francisco 49ers quarterback Colin Kaepernick, who stirred controversy last year by kneeling during the national anthem to protest police misconduct and racial inequality.
According to Kromtech, Kaepernick’s email, home address and phone number were exposed by the database. Kaepernick, who’s currently an NFL free agent, has said that he has received multiple death threats for his protests.