
New research points to a data leak affecting golf and baseball enthusiasts using TrackMan devices.
Cybernews has received information that a Danish-owned sports technology company has exposed a 110TB publicly accessible database containing 31,602,260 sensitive data records. Cybersecurity Researcher Jeremiah Fowler discovered the leak.
The leaked data included:
- The user’s name
- Email address
- Service information, including Globally Unique Identifier (GUID)
- WiFi and device hardware information
- WiFi and device hardware information
- WiFi and device hardware information
- IP addresses
- Camera log details
- Security tokens
TrackMan is a popular sports software provider that focuses on data analytics to improve performance in sports like golf and baseball. It offers subscription software, indoor golf simulators, and devices like launch monitors to measure club speed, ball speed, and spin rate.
Their systems use Doppler radar and imaging to track ball flight and player movement in detail. TrackMan's technology is also used in broadcasting, providing graphics and stats to enhance the viewer experience.

The company’s sports analytics tools support performance analysis, coaching, and player development, which both amateur and professional sports representatives use.
The TrackMan system and software are priced at $21,995 for non-commercial use, with an annual software subscription costing an additional $1,100. The high prices suggest that users could be an attractive target for cybercriminals.

“It’s not known how long the database was exposed or if anyone else gained access to it,” said the researcher via Website Planet.
“Only an internal forensic audit could identify additional access or potentially suspicious activity.”
Since malicious actors continuously and persistently scan the internet for publicly accessible databases, there is a good chance somebody may have found the leak.

The company has not responded to the researcher’s disclosure. Cybernews contacted the company for a comment, but no response has yet been received.
According to the researcher, the leaked data could be exploited to target TrackMan users with tailored spam, spear-phishing attacks, social engineering schemes, and malware distribution.
Cybercriminals can use GUIDs for network surveillance, gathering information about software versions, configurations, and known vulnerabilities. Once they find a weakness, they can target specific GUIDs linked to these flaws and potentially exploit the device’s defenses, including gaining unauthorized access or escalating privileges.

WiFi driver and configuration details also pose significant security risks. If cybercriminals identify vulnerabilities in a device’s wireless adapter, they could gain access to the device or network. Knowing the type of authentication and encryption (like WPA2 or WPA3) could help them launch brute force or downgrade attacks.
A successful man-in-the-middle (MITM) attack could compromise the router, allowing criminals to intercept or alter communications between connected devices and the network.
Fowler claims to have sent a disclosure to the company. While he received no response, access to the database has been secured.
Your email address will not be published. Required fields are markedmarked