
Official NFL App Leaking Data Just Days Before Big Game


Liarna La Porta

Just days before this year’s Big Game between the New England Patriots and Seattle Seahawks, the security team at Wandera discovered a serious security hole in the popular Official NFL app. The vulnerability was leaving highly valuable personal information exposed to hackers. The risk was particularly high at a time when NFL fans around the world were likely to be accessing the app ahead of the biggest game of the season.

Wandera’s scanning technologies discovered that after the user securely signed into the app with their NFL.com account, the app leaked their username and password in a secondary, insecure (unencrypted) API call. The app also leaked the user’s username and email address in an unencrypted cookie immediately following login and on subsequent calls by the app to nfl.com domains.
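A check for this class of leak can be run over captured app traffic. The sketch below is an added example, not Wandera's scanner or code from the original post; the credential field names, the cookie name and the `.example` hosts are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameter names treated as credentials (assumed; the post does not name the real fields).
CRED_KEYS = {"username", "user", "login", "password", "passwd", "pwd"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def audit_request(method, url, headers, body=""):
    """Return findings for one captured request; empty list if nothing leaks."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "http":
        return []  # TLS-protected traffic is out of scope for this check
    findings = []
    # Credentials may travel in the query string or a form-encoded body.
    params = parse_qsl(parts.query) + parse_qsl(body)
    for key, _ in params:
        if key.lower() in CRED_KEYS:
            findings.append(f"cleartext credential field '{key}' sent to {parts.hostname}")
    # Cookies are replayed on every later call to the domain, so PII there leaks repeatedly.
    for name, value in headers.items():
        if name.lower() == "cookie":
            for pair in value.split(";"):
                cname, _, cval = pair.strip().partition("=")
                if EMAIL_RE.search(unquote(cval)):
                    findings.append(f"email address in cleartext cookie '{cname}'")
    return findings

# Constructed sample traffic (hosts use the reserved .example TLD).
SAMPLE = [
    ("POST", "https://id.sports.example/login", {}, "username=fan01&password=hunter2"),
    ("GET", "http://api.sports.example/v1/profile?username=fan01&password=hunter2", {}, ""),
    ("GET", "http://www.sports.example/scores",
     {"Cookie": "sid=abc123; userinfo=fan01%7Cfan01%40mail.example"}, ""),
]

def audit_all(requests):
    """Audit every captured request and return the combined findings."""
    return [f for req in requests for f in audit_request(*req)]

if __name__ == "__main__":
    for finding in audit_all(SAMPLE):
        print(finding)
```

The findings name the leaking field or cookie but never echo its value, so the audit output itself does not become a second copy of the credentials.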

With these credentials, an attacker could’ve accessed the user’s full NFL profile. This profile page was unencrypted as well, so the registered personal data (including email, postal address, phone number, occupation and date of birth) was also vulnerable to man-in-the-middle interception.

A very high percentage of Official NFL app users reuse passwords across multiple accounts, so the email/password combination for NFL Mobile may have been the same as those used to access sensitive corporate data, banking sites, or other high-value targets. Moreover, date of birth, name, address and phone number were the exact building blocks required to initiate a successful identity theft against NFL fans.

Liarna La Porta


Liarna La Porta leads content marketing at Wandera. As Editor of Wandera’s blog, Liarna keeps the content ticking that makes Wandera a reliable news source for mobile security professionals. Her passion for helping tech start ups in all aspects of marketing and PR is reflected in the expert industry coverage she provides. An Australian adventurist at heart, Liarna has been in the Marketing and PR industry for over six years working from Melbourne, Sydney, London and San Francisco, soaking up the expertise required for her global role at Wandera.
