- Ajax football club suffers breach exposing sensitive fan data
- Ethical hacker revealed vulnerability in app affecting 300,000 accounts
- Flaw allowed ticket transfers, stadium ban removals and access to personal data
Ajax Amsterdam, one of the biggest football clubs in the Netherlands and Europe, has confirmed that it suffered a data breach in which it is believed to have lost sensitive data on 300,000 people.
The club issued a press release claiming to have recently discovered a hacker “illegally accessing certain parts” of its systems.
“Data was accessed,” the club said, specifying that the hacker had accessed the emails of “a few hundred people”. Ajax also said that for fewer than 20 people banned from the stadium, their names, email addresses and dates of birth were accessed.
Hundreds of thousands of fans exposed
All those affected have been informed and warned of the potential arrival of phishing emails.
Ajax said the breach was possible due to “vulnerabilities” which have since been fixed. The club also informed the Dutch data protection authority, as well as law enforcement.
From the press release, one could conclude that only a handful of people lost data that in many cases is publicly available.
However, Cybernews reports that 300,000 fans actually had their personally identifiable information (PII) exposed. Citing RTL Nieuws, a local media outlet that first reported the incident, the publication said an ethical hacker demonstrated the vulnerability.
He showed he could view the personal data of 300,000 fans and even tamper with their accounts, transferring season tickets and match tickets to other people. He was even able to amend and remove stadium bans, potentially creating a security risk by allowing aggressive fans and hooligans back into the stands.
He explained that the problem was with the Ajax application, in which each user has the same digital key: “By manipulating a sent data packet, you can perform actions on behalf of someone else, such as forwarding a ticket.”
“This way, an unauthorized person could access all kinds of sensitive data belonging to Ajax fans and perform actions,” the hacker added.
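An added illustration of the flaw class described above, not code from Ajax, the researcher or the article: a ticket-transfer handler that trusts a key shared by every client plus an account id taken from the request, beside one that derives identity from a per-user token and checks ticket ownership on the server. All function names, the token format and the sample data are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: ticket id -> owning account id.
TICKETS = {"T-1001": "fan-alice", "T-1002": "fan-bob"}
SHARED_APP_KEY = "same-key-in-every-install"  # weak: identical for all users
SERVER_SECRET = secrets.token_bytes(32)       # hypothetical; never leaves the server


def transfer_vulnerable(request, tickets):
    """Trusts a key every client holds and an account id the client supplies."""
    if request["app_key"] != SHARED_APP_KEY:
        return "denied"
    # account_id comes from the packet, so the sender decides who it claims to be.
    if tickets.get(request["ticket_id"]) != request["account_id"]:
        return "denied"
    tickets[request["ticket_id"]] = request["to_account"]
    return "transferred"


def _mac(account_id):
    return hmac.new(SERVER_SECRET, account_id.encode(), hashlib.sha256).hexdigest()


def issue_token(account_id):
    """Per-user token issued at login: the account id bound by an HMAC."""
    return f"{account_id}.{_mac(account_id)}"


def authenticate(token):
    """Return the account id the token was issued for, or None if it is invalid."""
    account_id, _, mac = token.rpartition(".")
    ok = hmac.compare_digest(mac.encode(), _mac(account_id).encode())
    return account_id if account_id and ok else None


def transfer_hardened(request, tickets):
    """Identity comes from the verified token; ownership is checked server-side."""
    caller = authenticate(request.get("token", ""))
    if caller is None:
        return "denied: invalid token"
    if tickets.get(request["ticket_id"]) != caller:
        return "denied: not ticket owner"
    tickets[request["ticket_id"]] = request["to_account"]
    return "transferred"
```
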




