- Ajax football club suffers breach and exposes sensitive fan data
- Ethical hacker exposed vulnerability in app affecting 300,000 accounts
- Errors allowed ticket transfers, removal of stadium bans and access to personal information
Ajax Amsterdam, one of the biggest football clubs in the Netherlands and across Europe, has confirmed that it has suffered a data breach in which it reportedly lost sensitive data on 300,000 people.
The club issued a press release saying it had recently discovered a hacker “illegally accessing parts” of its systems.
“Data was seen”, the club said, adding that the hacker accessed the emails of “a few hundred people”. Ajax also said that for fewer than 20 people banned from the stadium, their names, email addresses and dates of birth were accessed.
Hundreds of thousands of exposed fans
All affected individuals were notified and warned of potential incoming phishing emails.
Ajax said the breach was possible due to “vulnerabilities” that have since been patched. The club also notified the Dutch data protection authority as well as law enforcement.
From the press release, one can conclude that only a handful of people lost data, which in many cases is publicly available.
However, Cybernews reports that 300,000 fans actually had their personally identifiable information (PII) exposed. Citing RTL Nieuws, a local news outlet that was the first to report the incident, the publication said an ethical hacker demonstrated the vulnerability.
He showed that he could see the personal information of 300,000 fans and even tamper with their accounts, transferring season tickets and match tickets to other people. He was even able to change and remove stadium bans, which potentially created a safety hazard by allowing aggressive fans and hooligans back into the stands.
He said the problem was in the Ajax app, where all users have the same digital key: “By manipulating a sent data packet, you can perform actions on behalf of others, such as transferring a ticket,” he explained.
“In this way, an unauthorized person can access all kinds of sensitive data belonging to Ajax fans and perform actions,” the hacker added.
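The class of flaw described here, one key shared by every install and no server-side check on who is acting, can be shown next to its fix. The sketch below is an added illustration, not Ajax's code and not taken from the reporting; every name, key and ticket record in it is constructed, since the app's real protocol is not described.

```python
import hashlib
import hmac
import secrets

# All names and values below are constructed for illustration.
SHARED_APP_KEY = "key-shipped-in-every-install"   # identical for every user
SERVER_SECRET = secrets.token_bytes(32)           # never leaves the server


def new_ticket_store():
    # ticket id -> owning account id (constructed sample data)
    return {"T-100": "alice", "T-200": "bob"}


def transfer_weak(tickets, request):
    """Flawed pattern: the shared key identifies the app, not the user,
    so nothing ties the request to the account that owns the ticket."""
    if request.get("app_key") != SHARED_APP_KEY:
        return "denied: bad app key"
    # No ownership check: whatever ticket id the body names is moved.
    tickets[request["ticket_id"]] = request["to_account"]
    return "ok"


def issue_session(account_id):
    """Per-user token minted by the server after login: account_id + HMAC."""
    tag = hmac.new(SERVER_SECRET, account_id.encode(), hashlib.sha256).hexdigest()
    return f"{account_id}.{tag}"


def account_from_session(token):
    """Return the account bound to a valid token, or None if it was altered."""
    account_id, _, tag = token.rpartition(".")
    expected = hmac.new(SERVER_SECRET, account_id.encode(), hashlib.sha256).hexdigest()
    valid = hmac.compare_digest(tag.encode(), expected.encode())
    return account_id if account_id and valid else None


def transfer_checked(tickets, session_token, ticket_id, to_account):
    """Hardened pattern: identity comes from the verified token and the
    server confirms that identity owns the ticket before acting."""
    caller = account_from_session(session_token)
    if caller is None:
        return "denied: invalid session"
    if tickets.get(ticket_id) != caller:
        return "denied: not ticket owner"
    tickets[ticket_id] = to_account
    return "ok"
```

The same ownership check applies to any other action keyed on an account or record id, such as reading profile data or changing a stadium ban.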



