- AFC football governing body allegedly compromised and exposed sensitive data of over 150,000 members
- Leaked records reportedly include passport scans, contracts, emails and detailed player information
- The attack was heralded as the “biggest breach in football history”, with researchers warning of fraud
The Asian Football Confederation (AFC), the main governing body for football in Asia, has apparently been compromised after an attack exposed highly sensitive and personal details of more than 150,000 members to the dark web.
A report from Dataminr reassures a threat actor posted a thread on PwnForum’s marketplace over the weekend advertising the archive.
In it, the attackers say they have dumped “the complete AFC player and coach database”, including data from Al Nassr FC, where giants such as Cristiano Ronaldo, Sadio Mané or Marcelo Brozović play. The database reportedly contains passport scans, contracts, emails and AFC registration files.
The article continues below
Posting of samples
“The combination of passport scans, verified email addresses and player contract data creates a highly actionable package for financial fraud, contract manipulation and targeted social engineering against some of the world’s highest-paid athletes,” said Jeanette Miller-Osborn, Field Cyber Intelligence Officer at Dataminr.
The threat actor posted a few samples to prove the authenticity of their claims, and in addition to the above, these also contained people’s full legal names, dates of birth, nationalities, player positions, AFC IDs, club names, match details and venue information.
The threat actor thanked ShinyHunters for their help in publicizing the leak and described the attack as “the biggest breach in football history.” However, this person is most likely not affiliated with the group, as Dataminr described them as a “forum-level operator exploiting the credibility of ShinyHunters” just to try and get some money for their efforts.
At press time, AFC has not yet commented on the leak.
At the same time, the researchers urged both the AFC and its members to be vigilant about incoming messages and to review how they store athlete data.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
