Baseball is a sport in which stealing bases is encouraged. Stealing bases can only be accomplished by the fastest, most agile players, providing a tremendous advantage to the offense by advancing players into better scoring positions.

Recent news about the St. Louis Cardinals being under investigation by the FBI and Justice Department prosecutors for allegedly hacking into one of the Houston Astros’ internal networks and allegedly stealing information from its database brings an unwanted new twist to the term stealing base. According to law enforcement officials, FBI investigators have “uncovered evidence that Cardinals employees broke into a network of the Astros that housed ‘special databases'” and compromised internal information about trades, proprietary statistics and scouting reports. The New York Times reported that this breach is the first known case of professional sports corporate espionage in which one team hacked the other team’s network.

The reported breach doesn’t appear to have been very sophisticated. It looks like the perpetrators relied on past behavior and passwords used for a previous Cardinals database to break into a newer version of the same database — this time, the Astros. The Cardinals used a computer program that houses all of the Cardinals’ baseball operations information, including scouting reports and player information. Access to the program for Cardinals executives was controlled via password. After former Cardinals executive Jeff Luhnow left the team and joined the Astros, he created a similar program to house the Astros’ “collective baseball knowledge.” Apparently, the alleged hackers used the Cardinals’ master list of passwords to break into the new Houston program; those same passwords provided access the Astros’ system, as well.

It is a known fact that many people reuse their passwords. Managing and remembering multiple different passwords is a hassle. In order to minimize the number of passwords users need to remember, some will reuse the same password over and over. In some cases, they use the same passwords for both corporate systems and personal apps. This is a dangerous practice because, if stolen or exposed to others, that single password can provide access to multiple systems and sites. Furthermore, cybercriminals know this, which is why even seemingly innocuous credentials are so valuable to them. There is no shortage of examples of websites that were breached and user credentials stolen. Just this week, we wrote about the breach incident at LastPass, a cloud-based password manager.

In an era of boundless data breaches and targeted attacks, it is imperative that organizations enforce password security policies that require employees to use different passwords for accessing corporate resources and personal apps. This can easily be achieved with credential protection platforms that can automatically alert on, and optionally prevent, password reuse by employees. As this breach demonstrates, exposed or stolen credentials can have a far-reaching impact, both on the financial side as well as the overall impact to the brand.

More from Data Protection

Data Privacy: How the Growing Field of Regulations Impacts Businesses

The proposed rules over artificial intelligence (AI) in the European Union (EU) are a harbinger of things to come. Data privacy laws are becoming more complex and growing in number and relevance. So, businesses that seek to become — and stay — compliant must find a solution that can do more than just respond to current challenges. Take a look at upcoming trends when it comes to data privacy regulations and how to follow them. Today's AI Solutions On April…

Defensive Driving: The Need for EV Cybersecurity Roadmaps

As the U.S. looks to bolster electric vehicle (EV) adoption, a new challenge is on the horizon: cybersecurity. Given the interconnected nature of these vehicles and their reliance on local power grids, they’re not just an alternative option for getting from Point A to Point B. They also offer a new path for network compromise that could put drivers, companies and infrastructure at risk. To help address this issue, the Office of the National Cyber Director (ONCD) recently hosted a…

Why Quantum Computing Capabilities Are Creating Security Vulnerabilities Today

Quantum computing capabilities are already impacting your organization. While data encryption and operational disruption have long troubled Chief Information Security Officers (CISOs), the threat posed by emerging quantum computing capabilities is far more profound and immediate. Indeed, quantum computing poses an existential risk to the classical encryption protocols that enable virtually all digital transactions. Over the next several years, widespread data encryption mechanisms, such as public-key cryptography (PKC), could become vulnerable. Any classically encrypted communication could be wiretapped and is…

How the CCPA is Shaping Other State’s Data Privacy

Privacy laws are nothing new when it comes to modern-day business. However, since the global digitization of data and the sharing economy took off, companies have struggled to keep up with an ever-changing legal landscape while still fulfilling their obligations to protect user data. The challenge is that there is no one-size-fits-all solution regarding data privacy's legal requirements. Depending on the location and jurisdiction, data privacy laws can vary significantly in terms of scope and enforcement. But while the laws…