Yesterday, I heard the news that the French Football Federation had been hacked and had its data stolen. When I heard that the hackers were able to hack into their system using the login of an account they stole, I thought, "How did that happen in the first place?" and "Wow, there are so many people who are vulnerable when they're online, including the biggest organizations in our world."
At the time this event occurred, the hackers had effectively completed their task, and consequently, could take no more from the targeted organization. What information did they acquire? The hackers took the following details:
• Closed down the compromised login.
• Instructed users to change their password.
• Provided formal notification of the incident to local law enforcement as well as the cybersecurity authority.
• Started to make contact with individuals who had their login credentials compromised and advised them of possible phishing email/SMS to be on the lookout for.
• Advised individuals they should delete any suspicious emails/SMS messages and should never share personal or financial information with anyone who requests such information without prior notification.
Now I know you are probably saying to yourself – “I’m not French; why do I care?”
The real issue with this attack is that a single weak link in the chain of security can bring down an entire organization - not only a sports team, but also schools, banks, and even small websites. Hackers are always searching for the easiest way in.
How Did It Happen?
The hackers accessed the French Football Federation's computer system by taking over the log-in for a user account. Once the hackers accessed the system, they were able to access the section that all French football teams use to track their members. The French Football Federation then blocked the access of the hacked account and required all members to change their passwords.At the time this event occurred, the hackers had effectively completed their task, and consequently, could take no more from the targeted organization. What information did they acquire? The hackers took the following details:
- Complete Name
- Gender
- Birthdate and Place of Birth
- Country of Citizenship
- Residential Location
- E-Mail Address/Phone Numbers
- Member/License ID number
What did the FFF do afterward?
Following the hacking incident at FFF, significant measures were taken. They• Closed down the compromised login.
• Instructed users to change their password.
• Provided formal notification of the incident to local law enforcement as well as the cybersecurity authority.
• Started to make contact with individuals who had their login credentials compromised and advised them of possible phishing email/SMS to be on the lookout for.
• Advised individuals they should delete any suspicious emails/SMS messages and should never share personal or financial information with anyone who requests such information without prior notification.
Now I know you are probably saying to yourself – “I’m not French; why do I care?”
The real issue with this attack is that a single weak link in the chain of security can bring down an entire organization - not only a sports team, but also schools, banks, and even small websites. Hackers are always searching for the easiest way in.
What Did We Learn From This?
Here are some basic recommendations to keep all of your online accounts more secure:- Use distinct passwords for your major accounts;
- Enable 2-step verification whenever available;
- Avoid clicking on unknown links;
- Do not respond to messages requesting your personal information; and
- Regularly change your passwords.
