WADA’s hack has opened doors to more hacks — Now, the Russian Olympics whistleblower Yuliya Stepanova living in a secret location had her account accessed by a third party.
On 12th August a Twitter handle claiming affiliation with Anonymous Poland branch of the hacktivist group hacked the official website of WADA-CAS (World Anti-Doping Agency and Court of Arbitration for Sport’s servers) and leaked thousands of login credentials on a file sharing website.
Now, reports are that Yuliya Stepanova, a Russian athlete who assisted the agency in exposing the doping scandal before Rio Olympics has been hacked due to the data leaked from Wada’s servers. Previously, WADA praised Stepanova for providing crucial information in order to help fight against doping in sport to which she was entitled as a whistleblower.
The agency has confirmed that a third party accessed Stepanova’s account on Wada’s website. The account contains her medical testing results, history, and whereabouts information. In an official statement WADA said that:
“The World Anti-Doping Agency (WADA) confirms that Yuliya Stepanova’s password for WADA’s Anti-Doping Administration and Management System (ADAMS) was illegally obtained, which allowed a perpetrator to access her account on ADAMS. Ms. Stepanova was the key whistleblower for WADA’s Independent Pound Commission that exposed widespread doping in Russian athletics.”
WADA confirms illegal activity on Yuliya Stepanova’s ADAMS account: https://t.co/GHRychnGk8
— WADA (@wada_ama) August 13, 2016
Mostly, such hacks pose a danger to users’ online privacy and security but in Stepanova’s case things are pretty serious as she and her husband (who himself is a Russian anti-doping official) are living in a secret unknown location since whistleblowing against the Russian sports system of large-scale doping scam.
In response, WADA said: “it is in contact with the relevant law enforcement authorities.”
Earlier hackers breached into the server of WADA-CAS website using SQL injection flaw and leaked 3,121 unique email accounts along with their passwords that are hashed with old MD5 encryption that can be decrypt within seconds.
At the time of publishing this article, HackRead is confirming that the leaked data is still available for anyone to download on a file sharing website.