Security Experts:

Connect with us

Hi, what are you looking for?


Data Protection

Hackers Leak More Confidential Athlete Data

The hacker group calling itself Fancy Bears has leaked another batch of athlete medical records stolen from the systems of the World Anti-Doping Agency (WADA). The organization has confirmed the leak and again blamed Russia for the attack on its systems.

The hacker group calling itself Fancy Bears has leaked another batch of athlete medical records stolen from the systems of the World Anti-Doping Agency (WADA). The organization has confirmed the leak and again blamed Russia for the attack on its systems.

Earlier this week, the Fancy Bears group, which claims to be affiliated with the Anonymous hacktivist movement, leaked the Rio Olympics test results and therapeutic use exemptions of several U.S. athletes who they accused of being unjustly allowed by the WADA to use banned substances. The list of affected athletes included gymnast Simone Biles, basketball player Elena Delle Donne, and tennis players Venus and Serena Williams, all of whom have denied any wrongdoing.

The hackers announced on Thursday a new round of leaks targeting a total of 25 athletes from the United States, United Kingdom, Denmark, Russia, Poland, Czech Republic, Romania and Germany.

“The list of doping addicts includes not only the athletes of the top Olympic teams but also those who compete for other countries,” the hackers said in a statement accompanying the leak. “We’ll keep on telling the world about doping in elite sports. Stay tuned for new leaks.”

WADA has confirmed that the leaked files are genuine and pointed out that the information was obtained after hackers accessed the organization’s Anti-Doping Administration and Management System (ADAMS) through compromised credentials obtained via email spear-phishing attacks.

WADA insists that the Russia-linked cyberespionage group known as Fancy Bear, APT28, Pawn Storm, Sednit, Sofacy, Tsar Team and Strontium is behind the cyberattack. The organization reached this conclusion based on information provided by law enforcement and the timing of the attack.

“Given this intelligence and advice [from law enforcement and IT security agencies], WADA has no doubt that these ongoing attacks are being carried out in retaliation against the Agency, and the global anti-doping system, because of our independent Pound and McLaren investigations that exposed state-sponsored doping in Russia,” said Olivier Niggli, director general of WADA. “We condemn this criminal activity and have asked the Russian Government to do everything in their power to make it stop.”

Russia has repeatedly denied any involvement, but officials have complained about the lack of transparency and accused WADA of favoring some countries.

News of the WADA hack emerged in August. At the time, threat intelligence firm ThreatConnect published a blog post detailing the connection between this attack and the Russian threat group APT28.

APT28 is also believed to be responsible for the recent attacks on the U.S. Democratic Party. A hacktivist using the online moniker Guccifer 2.0 took credit for the Democratic Party breach, and while he claims to be a lone wolf from Romania, experts believe it’s just a persona used by Russian intelligence to throw investigators off track.

Related: More Evidence Links Russia to DNC Attack

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...


A database containing over 235 million unique records of Twitter users is now available for free on the web, cybercrime intelligence firm Hudson Rock...