CBS Sports app left personal data vulnerable during March Madness

CBS, Turner Extend NCAA Tournament Through 2032
CBS, Turner Extend NCAA Tournament Through 2032

Millions of people who used the CBS Sports app during the March Madness basketball tournament were made potentially vulnerable by a security flaw that left personal data including names, emails, birth dates, ZIP codes and passwords open to online theft, according to a security firm.

Mobile security firm Wandera on March 18 discovered the cybersecurity gap and notified CBS that there was no security protecting the login on the CBS Sports mobile site and the registration process for its downloadable app, the company said Wednesday.

SEE ALSO: Facebook CEO Mark Zuckerberg Slams Donald Trump

A spokeswoman for CBS Sports Digital said in a statement that the company had resolved the security gap, emphasizing that it was not a data breach and there was no sign that data was taken.

"Our internal teams are rigorous about monitoring our platforms for any potential security issues," she said.

READ MORE: Cyberattacks Surge on Energy Companies, Electric Grid

Michael Covington, the vice president of product at Wandera, says the lack of encryption to protect personally identifiable information "left millions of people exposed to interception" because so many people were using CBS Sports on their phones during the college basketball tournament.

The personal data could be used to help access other online accounts, so Covington advises users of the site not to reuse the password they entered for CBS Sports and to consider changing their passwords on other sites to be safe.

READ MORE: Ransomware Hacks Are a Hospital Health IT Wake-Up Call

"Without the use of any encryption, that data is potentially at risk," he says. "CBS Sports was incredibly popular during March Madness. The more popular the app, the greater number of potential victims and the higher the potential payoff for online theft."

RELATED GALLERY: The best photos from the 2016 March Madness tournament