Data breach at prominent sports technology company
Tens of millions of TrackMan records were published online.
Recent investigations have revealed that the sports analytics technology company TrackMan accidentally exposed sensitive data of its clients. Jeremiah Fowler, a well-known security analyst recognized for identifying unprotected databases, discovered a database related to TrackMan that lacked a password and contained over 31 million records, totaling 110 TB. This database held sensitive information, including names, email addresses, IP addresses, and security tokens, which could facilitate identity theft, phishing, and other malicious activities.
After the discovery, Fowler reached out to TrackMan, which quickly restricted public access to the database. However, it remains unclear how long the data was exposed, and if anyone accessed it before measures were taken. There is also uncertainty regarding whether TrackMan manages this database or if it is handled by a third party.
TrackMan specializes in technology for sports analytics, particularly in golf and baseball, and its solutions are utilized by major entities such as Golf Channel, BBC, and CNN World. The company uses radar and imaging technology to accurately track players' trajectories and performance. Athletes, coaches, and teams use TrackMan's detailed analytics to enhance their performance in areas like ball speed, launch angle, and spin rate. Their products are widely adopted in professional leagues, training facilities, and by broadcasters to enrich sports analysis and enhance the fan experience.
Unsecured databases remain one of the leading causes of data breaches and leaks. Often, they are accidentally exposed on the internet due to configuration errors or oversights during implementation. Without basic security measures, such as password protection or encryption, they become easy targets for hackers, who can locate them using automated tools and web scanners. The ease of accessing these databases, typically without needing to bypass security layers, makes them highly vulnerable to unauthorized access.
The consequences of hackers finding these databases can be devastating. Companies may suffer financial losses, regulatory fines, reputational damage, and loss of customer trust, as well as facing lawsuits, compliance violations, and long-term operational disruptions.
