According to government reporting, 7 out of every 10 sports organizations experienced a cybersecurity breach in the last 12 months. The worst part is that athletes are so influential that cybercriminals can use them as part of an orchestrated attack that impacts millions of fans.
Which are the most prominent cyberattacks in sports history? Let’s take a deep dive and find out.
1. Floyd Mayweather – 2020 – Twitter/X Hijacking
We’ll kick off our list with a breach that targeted a huge number of celebrities and star athletes, including the greatest welterweight boxer of all time: Floyd Mayweather Jr.
The infamous attack took place back in 2020 and it targeted Kim Kardashian, Barack Obama, and even Apple’s official account, among other VIP accounts.
Cybercriminals were able to obtain $118,000 by making fraudulent posts from accounts including Mayweather’s asking unsuspecting users to send money to a Bitcoin wallet and promising to return double the money.
The most impactful detail is that cybercriminals managed to steal this money in less than three hours.
2. Lazio FC – 2018 – Whaling
In 2018, illustrious Italian Serie A club Lazio was targeted by scammers conducting a whaling campaign.
Whaling is a form of phishing and it consists of targeting high-profile executives and other individuals in positions of power in order to extract a bigger bounty. In Lazio’s unfortunate case, the whale being targeted was the entire club.
Scammers managed to get away with $2.5 million after it was sent to a fraudulent bank account for a supposed transfer fee that turned out to be false.
3. WADA – 2016 – Confidential Information Leak
The World Anti-Doping Association (WADA) works closely with leagues, promotions, and sports committees to ensure maximum transparency in the world of sports. But, despite all of its great work, not even WADA is immune to cyberattacks.
The organization was targeted by cyberattackers back in 2016 during the Rio Olympics. Information about big-name athletes like Mo Farah and Rafa Nadal was leaked to the world.
One of WADA’s in-house systems, the Anti-Doping Administration and Management System (ADAMS), was compromised and hackers from the Fancy Bear Group were able to obtain personal data related to athlete’s approval process to participate in the games.
4. NFL Teams, ESPN, and UFC – 2020 – Twitter/X Hijacking
In 2020, the notorious OurMine group hacked the Twitter accounts of 15 NFL teams (that’s almost half the league!), ESPN, and the UFC.
No financial losses were reported due to the coordinated attack, but the sheer volume of affected profiles and the size of the athletic as well as broadcasting organizations involved are also noteworthy.
As per OurMine’s claim, the stunt was to announce the return of the group after years of inactivity and to demonstrate that no account was safe, in the sports world and otherwise.
5. Fiorentina FC – 2018 – Whaling
Another Italian Serie A club makes it to our list, this time Fiorentina FC.
One of Italy’s top clubs for decades, the Florence-based side lost more than $1.7 million after one of its top executives’ credentials were obtained by scammers based in Barcelona.
The good news is that this story has a happy ending — Spain’s national police eventually arrested 11 people in connection believed to be responsible for the scheme. That said, there has been no reporting on whether the funds were ever returned.
6. Olympic Games – 2018 – Espionage
The 2018 Olympic Games took place in South Korea, but it was used by spy agencies to peek into the nation’s network.
Reports alleged that Russian hackers accessed as many as 300 computers belonging to the Olympic federation during the game’s opening ceremony.
As per usual when nations are involved, the details of what occurred afterward are obscure — but the simple potential for this to turn into an Olympic edition of The Catcher Was a Spy is enough to make the cut for most prominent attacks.
7. Formula 1 – 2017 – Sensitive Data Breach
We’ve seen cyberattacks conducted by criminal organizations and even national entities. But, the origin of the cyberattack that targeted Formula 1 team RenaultSport feels even more deceitful.
The reason? It was orchestrated by attackers who wanted to sell the team’s secrets to competitors. And, to make things worse, Renault didn’t even crack the top 5 positions at the end of that year, so many still wonder if the attackers managed to achieve their goal.
Cybercriminals obtained detailed information about the team’s technology, racecars, and strategies, and any of these could’ve put Renault at a massive disadvantage and derailed their season.
8. Houston Rockets – 2021 – Sensitive Data Leak
In April 2021, the two-time NBA champions Houston Rockets’ network was breached by the Babuk ransomware.
More than 500GB of information was leaked, including sensitive data like player contracts, team financial details, and customer records.
The most fascinating thing is that the ransomware used in the attack is considered almost rudimentary. But, the Rockets were far from the only organization to get breached by this piece of malware.
The same hackers also breached the servers of companies in healthcare and logistics, which proves why every person who has access to a network should follow security best practices.
How to Protect Yourself Against Cybercriminals
It’s scary to think that even the biggest athletes in the world can be targeted by cybercriminals, especially if you consider that each breach can cost over $9 million.
The good news is that everyone can protect themselves online by using a set of online safety tools, such as a password manager, a good antivirus program, and a virtual private network or VPN.
Choosing to buy a VPN service is a great way to protect yourself against cybercriminals because this tool encrypts your connection and prevents snoopers from intercepting your messages.
As a matter of fact, the US has suggested for years that its Olympic athletes use VPNs to stay safe and protect their privacy.
Other ways to stay safe online include:
- Keep Your Software Updated: Cyberattackers usually exploit outdated programs, so make sure that your smartphone, laptop, and other device software are up to date.
- Always Use Safe Passwords: Even if a platform doesn’t require it, make sure to choose passwords that have at least one number, one symbol, and one capital letter.
- Don’t Let Your Browser Remember Your Credentials: Saving your login credentials in different places increases your chances of compromising your data, so avoid storing your passwords on browsers and web pages.
Stay safe!
