Football Australia investigating after player contracts, passports appear online
The contract and passport details of footballers have been leaked online in an embarrassing data breach engulfing Football Australia.
Football
Don't miss out on the headlines from Football. Followed categories will be added to My News.
Football Australia has launched an investigation after reports private information including players’ contracts and passport information had been breached.
Cybernews said up to 127 buckets of data including ticket buyers’ personal information, players’ contracts and documents had been left exposed due to human error.
The researcher said Football Australia had left plain-text Amazon Web Services (AWS) keys – including Secret keys – hardcoded into the HTML page of its subdomain.
“While we cannot confirm the total number of the affected individuals, as it would require downloading the entire dataset, contradicting our responsible disclosure policies, we estimate that every customer or fan of Australian football was affected,” the researchers said.
Cybernews said the cause was most likely human error with a developer accidentally leaving a reference hidden in code accessible by the public.
The researchers said personal nature of the information left exposed could be used for identity theft, fraud or blackmail – but it is yet to be confirmed if any outside source had accessed the data.
Football Australia issued a statement in response to the news.
“Football Australia is aware of reports of a possible data breach and is investigating the matter as a priority,” the statement read.
“Football Australia takes the security of all its stakeholders seriously.
“We will keep our stakeholders updated as we establish more details.”
More Coverage
Originally published as Football Australia investigating after player contracts, passports appear online