March Madness has come and gone, you've licked your wounds and conceded that Amy in accounting knew what she was doing when she picked Villanova to win it all. While the NCAA Tournament was good for the Wildcats, it may have been really bad for you.
Wandera released a threat advisory that a CBS Sports app left personal information of millions of users unencrypted. Security researchers say the app exposed first and last names, dates of birth, email addresses, login passwords (this is why you never use the same password across multiple platforms!), and zip codes. The researchers also found that the mobile website didn't encrypt user data during the login process either. That means your email address and password information was sent in clear text.
CBS Sports Digital won't comment on why the app even needed that kind of personal information in the first place, but says the vulnerability is fixed.
SC Magazine obtained a statement from CBS Sports Digital which read:
"There was no data breach on either the CBS Sports app or mobile site. Our internal teams are rigorous about monitoring our platforms for any potential security issues. We take issue with outside companies publicizing the security operations of other firms for their own purposes rather than user protection."
Oh, really? Because someone else exposed a security flaw that you're responsible for, you "take issue" with it? We know you'd rather sweep this under the rug and pretend it didn't happen, CBS Sports Digital. But to publicly decry a security team for exposing a vulnerability to millions of people is just bad form.
Security researchers reported the issue to CBS Sports Digital on March 18. Which, you'll recall, was at the height of the first round of the NCAA Men's Basketball Tournament.
So, if we've learned anything from this, it's that CBS Sports Digital is mad that someone discovered that they weren't protecting your information. Lesson two: be sure to mix up your passwords. And if Amy in accounting uses the same password for her online shopping, work station login, and office pool apps, now's a good time to remind her about the importance of long and strong passwords!
