The former scouting director of the St Louis Cardinals baseball club has admitted he illegally poked around in the player database of a Major League Baseball rival.
Chris Correa pleaded guilty on Friday at a Houston federal court to five counts of unauthorized access to a computer stemming from a 2013 infiltration of the email accounts and scouting database of the Houston Astros.
Each of the counts carries a maximum penalty of five years in prison and $250,000 fine.
Correa, who was fired by the Cardinals after word broke of the scandal last summer, was said to have accessed the Astros' "Ground Control" database from 2013 to 2014 using the password of a former Cardinals employee who left to scout for the Astros.
Armed with the reused password, Correa was able to access the Astros employee's email account and Ground Control credentials. From there, he was able to infiltrate the database, which contained not only scouting dossiers on players within the Astros organization, but also amateur players being scouted by the team, information on player contracts, and correspondence the Astros had with other teams on potential trades.
Even when unauthorized access to the database was detected by the Astros and user passwords were changed, Correa simply logged into the staffer's email account and lifted the new credentials.
The incident serves as a reminder to all businesses about the importance of assigning and maintaining secure passwords. Correa was only able to infiltrate the Astros database because the team allowed an incoming employee to use an old password, rather than assign or force the worker to pick a new code.
"Unauthorized computer intrusion is not to be taken lightly," said US Attorney Kenneth Magidson.
"Whether it's preserving the sanctity of America's pastime or protecting trade secrets, those that unlawfully gain proprietary information by accessing computers without authorization must be held accountable for their illegal actions."
Correa will be sentenced at a later date. ®