In July of 2014 I first reported to you about the hacking of the computers of the Houston Astros baseball team. Chris Correa of the St. Louis Cardinals was convicted of hacking the Astros' private online database, called Ground Control, which contained tremendous amounts of confidential data, including scouting reports and statistics on baseball players. Correa is presently serving a 46-month prison sentence. At the time he did the hacking, Correa was the Director of Baseball Development for the St. Louis Cardinals. Correa was fired by the Cardinals when he first became a suspect in the hacking of the Astros. A current Astros employee had previously worked for the Cardinals, and Correa was able to easily guess the password that employee used to access Ground Control merely by trying variations of the password the employee had used when he worked for the Cardinals. Armed with this password, Correa stole data from Ground Control for use by the Cardinals.
Now Major League Baseball Commissioner Rob Manfred has acted in the matter, banning Correa from baseball for life and ordering the Cardinals to pay 2 million dollars to the Astros and to forfeit to the Astros their two top picks in the June amateur draft. In his ruling, Commissioner Manfred indicated that the hacking scheme was entirely the work of Correa.
Perhaps the biggest lesson for all of us from this story is the danger of using the same password, or slight variations of it, for all of your accounts, which unfortunately is a habit that many people have gotten into. Hackers who breach a company's data will often steal its customers' passwords and then use those passwords for identity theft at other places, such as banks, brokerage houses and other companies, where the victim can suffer substantial financial losses. The best course to follow is to have a difficult-to-crack password that is unique for every account.