UFC exec responds to Fight Pass security concerns

Mark Nolan

Earlier this week, Bloody Elbow highlighted some faults in the online security of the UFC's digital network. The UFC Chief Content Officer gave a statement on Friday addressing the issue.

Since it's launch announcement, the UFC Fight Pass, the promotion's new digital network, has brought a combination of excitement for it's potential and criticism of the current unfinished product. However, earlier this week Bloody Elbow's Iain Kidd drew attention to security dangers related to the service. Specifically, he brought up the concern of the password storage and the liabilities if their system or accounts were to be hacked.

On Friday in a Bleacher Report article about the online service, Jonathan Snowden asked UFC Chief Content Officer Marshall Zelaznik about the potential dangers:

Bleacher Report: I've read recent articles on Bloody Elbow regarding security issues with UFC Fight Pass. What steps has the UFC taken to protect its customers?

Zelaznik: Having a secure product is always a top priority for us. The system we use for UFC Fight Pass is the same as UFC.tv, and we are always evaluating ways to ensure we continue to deliver a secure environment. When we see the need to update the service, we will, and the fact of the matter is we have been evaluating this as part of our normal course of business.

In addition to Zelaznik's response Steph Daniels received this message in reply to a service cancellation email where she asked about the issues:

In regards to your concerns for your account information all UFC.tv payment card information is secured using payment card industry (PCI) standards that are verified during annual certifications. Transfer of payment information is via secure socket layer (SSL) protocol; cryptographic storage of payment information is via PCI approved data encryption standard. The same data encryption standard is used for storage account password, which we do recommend changing at regular intervals.

Despite the reassurances of Zelaznik and UFC support, Iain Kidd still has misgivings:

"As briefly mentioned in the Fight Pass Security article, the two-way encryption used by the UFC on passwords is not recognized as a safe way to store them, regardless of whether or not the encryption is of PCI standard. Passwords should only ever be stored after hashing and salting. You can read more about this in an article recently published by leading computer security company, Sophos, here"

Additionally, he referenced Adobe Systems, Inc having been hacked and passwords compromised while employing a PCI standard two-way encryption.

X
Log In Sign Up

forgot?
Log In Sign Up

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

Try another email?

Almost done,

Join Bloody Elbow

You must be a member of Bloody Elbow to participate.

We have our own Community Guidelines at Bloody Elbow. You should read them.

Join Bloody Elbow

You must be a member of Bloody Elbow to participate.

We have our own Community Guidelines at Bloody Elbow. You should read them.

Spinner.vc97ec6e

Authenticating

Great!

Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.

tracking_pixel_5349_tracker