Plain-text digital “keys” in the publicly accessible code, access to 127 digital storage containers
Company Statement: Football Australia is aware of reports of a possible data breach and is investigating the matter as a priority | 1st Feb 2024
Source: Football Australia data breach reportedly exposes contracts, passports, and ticket information | ABC News Australia
View more incidents relating to Sporting and Recreation sector.
Millions of football participants across Australia have potentially had their personal information leaked online after a security flaw was identified in Football Australia’s (FA) digital infrastructure.
The national governing body accidentally left plain-text digital “keys”, including “secret keys”, lingering in the publicly-accessible code of its sub-domain, meaning anybody could access it if they knew where to look.
These keys supposedly provided the publication’s researchers with access to 127 digital storage containers which contain data and private details from grassroots participants all the way through to national team players.
It is claim that the various buckets of data included players’ personal details, contracts, and passports, as well as additional data about ticket purchase information, and detailed source code and scripts of FA’s digital infrastructure.
Related
