The World Anti-Doping Agency (WADA) today warned athletes to remain vigilant against new attempts by Fancy Bears' to try to obtain sensitive medical information.
WADA is currently investigating the original cyber-attack, which they revealed took place between August 25 and September 12, following a leak from the ADAMS (Anti-Doping Administration & Management System) run by the Montreal-based organisation.
A total of 107 athletes who competed at the Olympic Games in Rio de janeiro have so far been named by Fancy Bears', most of which are related to legally obtained therapeutic use exemptions (TUE) granted by various sporting bodies in order to treat medical conditions.
WADA revealed that ADAMS was accessed after a "spear phishing' attack" which involved tricking the recipient into giving away details such as usernames and passwords.
WADA said several of its and the International Olympic Committee's email accounts were targeted, giving hackers means to obtain the confidential records of Rio 2016 competitors.
As soon as the first batch of TUEs was published by Fancy Bears on September 13, WADA realised that there had been a security breach and claims that it immediately put in place a number of measures.
These included disabling the Rio 2016 account and increasing the logging of activity on its systems.
Several leading names have been targeted by Fancy Bears', including America's 22 time Grand Slam champion Venus Williams and British cyclist Sir Bradley Wiggins, a five-time Olympic gold medallist and former Tour de France winner.
Some of the information released may not be entirely genuine, however, according to WADA, and could have been fabricated or doctored.
"WADA has determined that not all data released by Fancy Bear (in its PDF documents) accurately reflects ADAMS data," they said in a statement.
"However, we are continuing to examine the extent of this as a priority and we would encourage any affected parties to contact WADA should they become aware of any inaccuracies in the data that has been released."
Law enforcement agencies in Canada and elsewhere have been part of the investigation.
WADA also engaged cyber security firm FireEye Inc to assess the extent of the data breach by Fancy Bears' and ascertain what files were removed from its system.
The California-based firm have previously been called in to investigate high-profile attacks against Target, JP Morgan Chase and Sony Pictures.
According to the statement, only TUEs were accessed and not broader data held on the ADAMS system.
Not all details of its on-going investigation into the security breach have been published.
"It should be noted that WADA’s investigation is ongoing; and so, while the Agency wishes to keep stakeholders informed, it is mindful of the risks of disclosing information that might compromise the integrity of its investigation," they said in the statement.
WADA also warned ADAMS users to stay alert for additional phishing schemes.
This included suspicious emails supposedly from WADA deputy director general Rob Koehler that advises the users that WADA’s President wanted to speak with them regarding the hacks.
"To be clear, no such email was ever sent by the deputy director general," they said.
"Please remain vigilant to such scams."