While supporting any sports team comes with a fair share of stress, aficionados of the NFL’s Miami Dolphins may have to worry about more than their favorite team conceding a touchdown.
The Cybernews research team has found that FinHeaven, a forum uniting hundreds of thousands of Miami Dolphins fans (DolFans), exposed a database backup with sensitive information about its users. An open and freely accessible web directory revealed data of over 140,000 DolFans.
The backup, created on July 6th, 2024, revealed details such as usernames, dates of birth, email addresses, and private user messages exchanged on the forum. The database also included user passwords. However, passwords were hashed, providing an additional layer of security.
The team noted that FinHeaven used two types of hashing algorithms, MD5 and bcrypt. While researchers deemed that the specific version of bcrypt was “relatively resistant” to password cracking, MD5 was deemed “easy to crack.”
According to the team, the leaked dataset could be used against DolFans if it fell into the wrong hands. For example, cybercriminals could try to doxx the forum’s users, in other words, discover their real identities. Additionally, attackers may attempt targeted phishing campaigns and try reusing stolen credentials on other accounts affiliated with the leaked email addresses.
Depending on what the forum users utilized the platform for, attackers may find even more nefarious ways to exploit the exposed data.
“Since the leak included private messages sent on the forum, the dataset could be very valuable to malicious actors for blackmail, utilizing private messages stored in the exposed backup,” the team said.
To avoid leaking sensitive user information, researchers advise administrators to restrict access to a web server by utilizing firewalls or authentication and authorization features. Where that is not done, sensitive data should not be stored on such databases. To avoid misuse of the leaked data, FinHeaven should also reset any leaked credentials.
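As an added illustration of the credential-reset advice (this is not code from Cybernews or FinHeaven), the Python script below shows how an administrator could sort stored password hashes by scheme so that accounts still on MD5 are reset first. The `(username, hash)` row layout, the `MIN_BCRYPT_COST` threshold and the sample rows are assumptions constructed for the example.

```python
import re
from collections import Counter

# bcrypt modular-crypt format: "$2?$", two-digit cost, 53 chars of salt+digest
BCRYPT_RE = re.compile(r"^\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}$")
# 32 hex characters: the shape of an unsalted MD5 digest (other 128-bit hashes look the same)
MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")
MIN_BCRYPT_COST = 10  # assumed policy threshold, not a value from the article
PRIORITY = {"reset-first": 0, "reset-and-raise-cost": 1, "reset": 2, "review": 3}

def classify_hash(stored):
    """Return (scheme, action) for one stored password hash string."""
    m = BCRYPT_RE.match(stored)
    if m:
        cost = int(m.group(1))
        action = "reset" if cost >= MIN_BCRYPT_COST else "reset-and-raise-cost"
        return f"bcrypt(cost={cost})", action
    if MD5_RE.match(stored):
        return "md5-like", "reset-first"
    return "unknown", "review"

def audit(rows):
    """rows: iterable of (username, stored_hash). Returns (scheme counts, reset queue)."""
    counts, queue = Counter(), []
    for user, stored in rows:
        scheme, action = classify_hash(stored.strip())
        counts[scheme] += 1
        queue.append((PRIORITY[action], user, scheme, action))
    queue.sort()  # weakest scheme first, then by username
    return counts, [(u, s, a) for _, u, s, a in queue]

# Constructed sample rows; the bcrypt strings are format placeholders, not real hashes.
SAMPLE_ROWS = [
    ("alice", "$2y$12$" + "x" * 53),
    ("bob", "d41d8cd98f00b204e9800998ecf8427e"),
    ("carol", "$2a$04$" + "y" * 53),
    ("dave", "not-a-hash"),
]

if __name__ == "__main__":
    counts, queue = audit(SAMPLE_ROWS)
    print(dict(counts))
    for user, scheme, action in queue:
        print(f"{user:8} {scheme:18} {action}")
```

Because the whole backup was exposed, every account ends up in the reset queue; the ordering only decides which ones are handled first.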
According to the team, the backup database is no longer open to the public. We’ve reached out to FinHeaven for comment and will update the article once we receive a reply.
FinHeaven is a community forum that’s not directly affiliated with the Miami Dolphins. The online community claims to be supported by member donations. Meanwhile, the Miami Dolphins is an American football team that competes in the NFL's American Football Conference East division.