A Russian whistleblower who revealed state-backed athlete doping in the country has had her account on the World Anti-Doping Agency (WADA) website hacked, potentially revealing her whereabouts.
Yuliya Stepanova was integral in revealing the widespread use of banned substances to help Russian athletes outperform their rivals. The revelations led to some athletes being banned from the Olympics.
Stepanova was forced to leave Russia and live in hiding after revealing the information, which no doubt upset the government.
WADA has now admitted that Stepanova's account on the organisation's Anti-Doping Administration and Management System (ADAMS) was hacked, most likely by those wishing to ensure she sees 'justice' in Russia.
“Through WADA’s regular security monitoring ... the agency noted that someone other than Ms Stepanova had accessed her account," the organisation said in a statement.
"WADA immediately locked Ms Stepanova’s account to prevent further access and notified her of the situation."
WADA also acknowledged a recent spike in phishing attacks against its members, suggesting that Stepanova may have inadvertently revealed her information to the hackers.
"Earlier this week, WADA was made aware of an alleged hack of its website and to phishing scams. Regarding the latter, the agency confirmed that some users had received illegitimate emails that look as though they come from WADA, which ask users to click on a link and enter their personal credentials," it said.
"WADA quickly investigated and immediately sent an email to all users, including a warning banner on the ADAMS home page, alerting them to these emails, which WADA would never send, and asking them to advise ADAMS support immediately if they were to receive such an email.”
WADA explained that it is contact with “the relevant law enforcement authorities” and that it has always been a target for hackers.
“Stakeholders can rest assured that the agency takes IT security and data privacy very seriously; accordingly, as a matter of course, we monitor all our systems on a continuous basis and adjust as necessary in line with the best IT security practices,” the agency said.
The incident underlines the ease with which phishing attacks can put people at risk, as witnessed in 2014 when scores of celebrities had their iCloud accounts hacked and personal media stolen and distributed online.
Q3 losses reverse Q2 gains
FBI briefing US companies to dump Kaspersky, claiming intelligence prove it a 'threat to national security'
Kaspersky rejects FBI accusations that its products are a 'threat to national security'
But breached contractor says that it simply didn't have that much data
EE follows Three in threatening legal action against Ofcom - but for entirely different reasons