In July of 2014 I first reported to you about the hacking of the computers of the Houston Astros baseball team. Now, after a prolonged investigation, Christopher Correa has pleaded guilty to hacking the private online data base of the Astros called Ground Control that contained tremendous amounts of confidential data including scouting reports and statistics on baseball players. At the time he did the hacking, Correa was the Director of Baseball Development for the St. Louis Cardinals. Correa was fired by the Cardinals when he first became a suspect in the hacking of the Astros. A current Astros employee had worked previously for the Cardinals and Correa was able to easily guess the password used by him to access Ground Control by merely using variations of the password the Astro employee had used when he worked for the Cardinals. Armed with this password, Correa stole data from Ground Control for use by the Cardinals. Correa will be sentenced on April 11th which, coincidentally is the day of the Cardinals’ home opener for the 2016 baseball season.
Although this story reads like fiction, perhaps the biggest lesson for all of us from this story is the danger of using the same password or slight variations thereof for all of your accounts, which unfortunately is a habit that many people have gotten into. Hackers will often steal passwords of customers from companies when they commit a data breach and then use those passwords for identity theft purposes at banks, brokerage houses and other companies where the victim can suffer substantial financial losses. The best course to follow is to have a difficult to crack password that is unique for every account.