Security at Footballguys

How we keep your data safe.

Usernames, Passwords & Authentication

All connections to our site are through the SSL/HTTPS protocol, ensuring that when you enter sensitive data on our website, it cannot be intercepted and viewed by a third party.

We do not store passwords in plain text. All passwords are stored only after being passed through a one-way hashing algorithm. This means that even if our database were compromised (which of course we take every additional measure to prevent), your credentials would not be leaked.

Credit Card & Billing Information

Our payment processing partner, Braintree, handles your credit card and billing information on our behalf. At no point is any of this information transmitted to Footballguys or stored on our servers.

Braintree's environment meets the highest industry standards and guidelines, and Braintree is one of the most widely used payment processors on the internet. Its other clients include Airbnb, GitHub, Dropbox and OpenTable.

You can read more about the steps that Braintree takes to secure your data here.

Privacy Policy

Here's the short version: We do not provide, rent, or sell any of your personally identifying information to other companies or individuals.

Here's the long version: privacy policy.

Dark Web Breach Alerts

In November 2022, a Dark Web monitoring platform reported a leak of Footballguys credentials. We take any security issue very seriously, and our team actively and aggressively investigated whether a breach had occurred. We have not found any evidence that this has happened, but we continue to be vigilant.

It is very unlikely that our authentication system has been breached, either now or in the past. We confirmed this with the Dark Web monitoring firm that first discovered this file and reported it to the security software providers they serve.

Their analysis of the list revealed a relatively small number of Footballguys login credentials mixed in with login info from more than 25,000 other sites. Security researchers call these mixed credential lists "combolists" because they're gathered at different times through indirect means rather than a direct breach of a site's authentication systems.

Common methods of indirect credential harvesting include spyware and keyloggers installed on client devices, email phishing schemes, and reusing the same email and password on multiple websites.

Security researchers recommend changing passwords regularly and using a unique strong password for each site to reduce the risk presented by these distributed credential lists.