
"The club says a 'hacker in the Netherlands' exploited vulnerabilities to access parts of its systems, viewing email addresses of a few hundred people and limited personal data tied to fewer than 20 supporters with stadium bans."
"RTL's investigation found that by poking at exposed APIs and reusing shared digital keys, it was possible to act as other users entirely - transferring season tickets, altering account details, and even lifting stadium bans."
"The flaws potentially exposed data tied to more than 300,000 registered supporters and put upwards of 42,000 season tickets in play - tickets that could be stolen or simply vanish from an account with little the ticketholder could do about it."
"Ajax's own statement concedes that a journalist demonstrated the ability to transfer tickets and modify bans, but offered little detail on how such a wide-open setup made it into production in the first place."
AFC Ajax confirmed a data breach in which a hacker accessed parts of its internal systems and viewed email addresses and limited personal data of supporters. The vulnerabilities also allowed unauthorized actions on other users' accounts, such as transferring season tickets and altering account details. RTL News revealed that the flaws could expose data of over 300,000 supporters and jeopardize 42,000 season tickets. Details of over 500 supporters with stadium bans were also accessible. Ajax acknowledged the issue but provided little information on how such vulnerabilities ended up in its production systems.
Read at The Register