Fantasy Football Hub, a start-up specializing in Premier League fantasy football, admitted it had suffered a data breach.
They believe the hacker had gained access to their WordPress administrator dashboard and downloaded the Hub's usernames, emails, site financial reports, and affiliate payment records.
“On Saturday evening, our website suffered a cyber attack. We're working with Action Fraud, the police, the ICO, our hosting company, and security firms on the issue. We want to be completely transparent with our users and members about what has happened and what we are doing about it. Until the forensic examination is complete, users must assume any non-payment information they provided as part of the sign-up process has been compromised,” the company said in a blog post.
The company assured its customers that no bank details have been compromised as these are handled by payment gateways, PayPal and Stripe.
Fantasy Football Hub apologizes for the breach, saying they are “deeply sorry for everything that has happened and understand the pain and anger felt by many.”
To mitigate the breach, the company has reset all the user passwords and implemented a password complexity policy for all site users, limiting similar attacks.
Fantasy Football Hub has also run malware scans and booked in periodic external security and penetration testing. It also claims to have significantly upgraded the website's password hashing policy, activated two-factor authentication for site admins, and will be rolling this feature out to all users.
The company did not disclose how many users have been affected.
More from CyberNews:
Subscribe to our newsletter