Top Australian football stars have had VERY personal details leaked online in a shocking mistake – and ‘every fan in the country’ could be caught up in a cyber nightmare
- Football Australia error reportedly in mid-exposure
- Expert says details have been vulnerable for almost 700 days
- Football Australia understands it has now resolved the issue
Australian football players have had their personal information including their passport and contract information leaked in a cyber security breach that could also affect football fans across the country.
The breach occurred because Football Australia left secret keys used to access the details unprotected online in what has been described as the governing body scoring an ‘own goal’.
The FA’s mistake has also exposed ticket purchasing information in a development that could impact a large number of fans, an independent cybersecurity publication said. Cyber news.
Australian football stars (Sam Kerr is pictured playing for the Matildas) have been given information including their passport details
‘Every customer or fan of Australian football was affected,’ said investigators who discovered the breach (Photo: Matildas supporters at last year’s World Cup)
“While we cannot confirm the total number of individuals affected as this would require downloading the entire dataset, which is contrary to our responsible disclosure policy, we estimate that every customer or fan of Australian football has been affected,” it said research team that uncovered the problem. .
“The exposed data, including footballers’ contracts and documents, poses a serious threat as attackers can misuse this information for identity theft, fraud or even blackmail, highlighting the urgent need for improved security practices and measures to protect sensitive data.”
According to the report, Football Australia has resolved the issue.
A technology expert who independently verified the breach said the information has been vulnerable for 681 days – enough time for ‘external attackers’ to exploit the weakness
Cybersecurity researcher Jamieson O’Reilly, founder of information security firm Dvuln, independently confirmed the breach, according to the Sydney Morning Herald.
“Given that the exposure lasted at least 681 days, it is likely that remote attackers discovered and used these keys,” he said.
The data allegedly leaked also includes details of the FA’s internal digital infrastructure.
Football Australia is the governing body for the country’s beach soccer and futsal teams, in addition to the soccer teams.
The following statement was released on Thursday: ‘Football Australia takes the safety of all its stakeholders seriously. We will keep our stakeholders informed as we determine more details.”
News of the exposure is the latest in a series of cyber security breaches that have affected millions of Australians.
The most infamous of these was the Optus breach in September 2022.
Football Australia is the governing body for all teams in the code below (pictured, Socceroos star Jackson Irvine celebrates scoring a goal during the Asian Cup)
That cyber hack meant that the personal addresses, dates of birth, passport details, driver’s licenses, telephone numbers and email addresses of the company’s past and present customers could be stolen.
Nearly 10 million people were left exposed – and like what reportedly happened to Football Australia, the root of the problem was lax security.
“If the hacker is to be believed, this wasn’t even a sophisticated hack, it’s not even a hack,” technology expert Trevor Long told Daily Mail Australia when asked about the situation at Optus.
“They were able to exploit an internal system and access information through a simple security breach.
‘It’s a goldmine for identity fraud and hackers.’