Is this 'the largest breach in football history'? Hackers allegedly breach Cristiano Ronaldo's Saudi team and AFC governing body, leak passports, contracts, and emails online

1 day ago 2

AFC football governing body reportedly compromised, exposing sensitive data on over 150,000 members
Leaked records allegedly include passport scans, contracts, emails, and detailed player information
The attack was advertised as the “largest breach in football history,” with researchers warning of fraud risks

The Asian Football Confederation (AFC), the main governing body for football in Asia, has apparently been compromised after an attack saw highly sensitive and personal details on more than 150,000 members exposed to the dark web.

A report from Dataminr calims a threat actor posted a thread on the PwnForums marketplace over the weekend, advertising the archive.

In it, the attackers say said they dumped “the complete AFC players and coaches database” including data from Al Nassr FC, where giants like Cristiano Ronaldo, Sadio Mané, or Marcelo Brozović play. The database allegedly contains passport scans, contracts, emails, and AFC registration files.

Article continues below

Posting samples

“The combination of passport scans, verified email addresses, and player contract data creates a highly actionable package for financial fraud, contract manipulation, and targeted social engineering against some of the world’s highest-earning athletes,” said Jeanette Miller-Osborn, Field Cyber Intelligence Officer at Dataminr.

The threat actor posted a few samples to prove the authenticity of their claims, and besides the above, these also contained people’s full legal names, dates of birth, nationalities, player positions, AFC IDs, club names, match details, and venue information.

The threat actor thanked ShinyHunters for their help posting the leak and described the attack as “the largest breach in football history.” However, this person is most likely not affiliated with the group, since Dataminr described them as a “forum-level operator leveraging the credibility of ShinyHunters,” just to try and grab some money for their efforts.

At press time, the AFC has not yet commented on the leak.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

At the same time, the researchers urged both the AFC and its members to be wary of incoming messages, and to review how they store athlete data.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read Entire Article