Sports analytics technology company TrackMan was unknowingly exposing sensitive customer data, researchers have warned.
Jeremiah Fowler, a security analyst known for tracking down unprotected databases, reported a newly discovered database that he determined belonged to TrackMan.
The database was not password-protected and contained 31,602,260 records totaling 110 TB, including sensitive customer data such as names, email addresses, IP addresses, and security tokens. That is plenty of information to fuel identity theft, phishing, and other malicious activities.
Ramifications of unsecured databases
After discovering the database, Fowler reached out to TrackMan, which restricted public access the same day. However, we don’t know how long it was sitting out in the open, or whether someone accessed it beforehand. We also don’t know whether TrackMan manages this database itself or a third party does.
TrackMan is a technology company specializing in sports analytics, particularly for golf and baseball, with solutions used by the Golf Channel, BBC, and CNN World. It uses radar and imaging technology to track the trajectory and performance of balls and players with high precision. Athletes, coaches, and teams use TrackMan’s detailed insights to improve performance on things like ball speed, launch angle, or spin rate. Its products are widely used in professional leagues, training facilities, and by broadcasters for enhancing sports analysis and fan experiences.
Unsecured databases remain a top cause of data breaches and leaks. They are often inadvertently exposed to the internet, either due to misconfigurations or oversight during deployment. Without basic security measures like password protection or encryption, they become easy targets for hackers, who can locate them using automated tools and web scanners. The simplicity of accessing these databases, often without needing to bypass any security layers, makes them highly vulnerable to unauthorized entry.
The ramifications of hackers finding such databases are severe. Businesses can experience financial losses, regulatory fines, reputational damage, and loss of customer trust. They can also face lawsuits, compliance violations, and long-term operational disruption.