There are a couple of things in this article that should raise red flags for any security-minded IT professional.

1. Investigators believe Cardinals officials, concerned that Mr. Luhnow had taken their idea and proprietary baseball information to the Astros, examined a master list of passwords used by Mr. Luhnow
2. Mr. Luhnow reusing his passwords.

First. There should never be a record of people's passwords (the only one that should know the password is the user). If a manager needs access to someone's account after they leave, reset it.

Second. There is obviously a very lenient password changing policy at the Astros' front office, as the user was reusing his password for several years.

Third. How many want to bet Mr. Luhnow uses the same password on his personal accounts?

Mike

From: [email protected] [mailto:[email protected]] On Behalf Of Richard Stovall
Sent: Tuesday, June 16, 2015 1:23 PM
To: [email protected]
Subject: [NTSysADM] Don't re-use your passwords, folks

St. Louis Cardinals employees apparently used known passwords of a former executive to access records of his new employer, the Houston Astros.

http://www.nytimes.com/2015/06/17/sports/baseball/st-louis-cardinals-hack-astros-fbi.html

It'll be interesting to see how hard the FBI and DoJ come down on the perpetrators. I'm guessing what they did is felonious and violated any number of different laws.
