“The National Basketball Association (NBA) is warning fans of a data breach that leaked their personal information from a third-party newsletter service.” The data breach, which did not compromise the victims’ usernames, passwords, or other important information, exposed names and email addresses. However, just this information could leave victims vulnerable to potential “social engineering attacks”. Sports organizations and newsletter service provides are both common targets for cybercriminals. “Even though the information did not contain much sensitive information, by using a name and email address, along with the knowledge that this individual has an interest in the NBA, social engineers could put together a much more appealing phishing attack than if they had none of this information.”
