Threat Watch

NCSC Issues Password Change Warning for Football (Soccer) Fans

With the return of Premiere League and Championship football matches starting for the first time since March, the UK’s National Cyber Security Centre (NCSC) has instructed football fans to change their passwords as many hackers may be looking to exploit unsecure login credentials for their own gain. This announcement comes shortly after GCHQ revealed that a good portion of passwords are simply the name of a football team.

ANALYST NOTES

Recommendations: Binary Defense recommends using strong, uniquely generated, randomized passwords in addition to a password manager. This will allow you to store and manage multiple passwords without needing to remember each one. Binary Defense also recommends not using an employer-issued email address to register accounts on third-party websites such as sports fan sites, social media or personal shopping sites. If the passwords for those sites are stolen by an attacker, they often try the same passwords to authenticate to employee email accounts or remote access portals. That can turn a small problem of a stolen account into a corporate data breach. NCSC is also urging people to check out their “Cyber Aware” campaign: https://www.ncsc.gov.uk/cyberaware/home

https://www.zdnet.com/article/phishing-warning-reset-your-password-to-lockout-crooks-football-fans-told/