The trouble keeps on rolling right in for the UFC as we round out 2014. According to multiple reports, a Twitter account linked with the hacking collective Anonymous has posted a link to a document containing the login credentials and credit card numbers of UFC Fight Pass subscribers, as well as info from customers of other services including XBox Live, Playstation Network, and Amazon. The document, a virtual treasure trove of some 13,000 or so credit card numbers, first came to light Friday, but the inclusion of UFC Fight Pass subscribers was not immediately reported on. The hack comes almost a year after a report on Bloody Elbow criticized the company for poor security practices on their Fight Pass website. It reported that passwords to the site were stored in plaintext (read: unencrypted), a glaring error in security best practices if true, and there's no reason thus far to doubt the report. The report went on to point out that;
Personal information such as name and address appears to be unencrypted/unhashed. There is no way to remove your credit card information once it's in there; you can only edit it, and the edited number as to be a valid credit card. This means you can't just put fake numbers in there to protect your data. Currently, credit card is the only way to pay. If you want Fight Pass, you have to give the UFC your credit card information. It should be noted that there is no evidence that credit card information is stored in an unencrypted format.
The UFC declined to comment at the time. For those that remember, the UFC clashed with Anonymous back in 2012 over the fight promotion's support of the dreaded SOPA (Stop Online Piracy Act) in the U.S., an overreaching bill introduced by Republican Lamar S. Smith that aimed to expand the powers of law enforcement to combat piracy and increase penalties, including making unauthorized streaming of copyrighted video punishable by up to five years in prison. It also created the risk that an entire website or even domain could be shut down off a single infringing post, and as a result, over 7,000 websites including Wikipedia staged a blackout in protest. The bill would eventually fail, but not before the UFC clashed with Anonymous over their support of it. Given the history, it would seem like the UFC was a clear target for the collective, however some participants in the "group" are denying the hack had anything to do with Anonymous. As it's less a group and more a collection of like-minded individuals who come and go, it's hard to say if the hack was legitimately Anonymous or not, but this is not the first time participants have wound up disputing whether or not a hack was sanctioned. Meanwhile, UFC Fight Pass customers may want to start resetting their passwords and keeping an eye on their credit card statements.
Covering the sport of MMA from Ontario, Canada, Jay Anderson has been writing for various publications covering sports, technology, and pop culture since 2001. Jay holds an Honours Bachelor of Arts degree in English from the University of Guelph, and a Certificate in Leadership Skills from Humber College under the Ontario Management Development Program. When not slaving at the keyboard, he can be found in the company of his dog, a good book, or getting lost in the woods.