Gandalf_The_Grey
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Forum Veteran
Dutch professional football club Ajax Amsterdam (AFC Ajax) disclosed that a hacker exploited vulnerabilities in its IT systems and accessed data belonging to a few hundred people.
The security issues also allowed transferring purchased tickets to others and enabled modifications to stadium bans imposed to certain individuals.
The club learned about the security issues and their effect from journalists who were tipped off by the hacker.
RTL journalists who received a tip from the hacker independently verified the vulnerabilities and reported that they were able to transfer season tickets from their holders to arbitrary people, access and modify stadium ban records, and gain broad access to fan data via APIs and shared keys.
In a demonstration, they reassigned a VIP season ticket in seconds. Most worryingly, RTL stated it could manipulate 42,000 season tickets, 538 supporter stadium bans, and view details on over 300,000 accounts.
Ajax football club hack exposed fan data, enabled ticket hijack
Dutch professional football club Ajax Amsterdam (AFC Ajax) disclosed that a hacker exploited vulnerabilities in its IT systems and accessed data belonging to a few hundred people.
