AusLeisure

Participants' private information has reportedly been exposed after a data breach at Football Australia.

The weakness in the governing body’s online security exposed a range of data - including players' personal details, contracts, and passports, as well as additional data about ticket purchase information, and detailed source code and scripts of Football Australia's digital infrastructure – to being leaked online.

According to independent cybersecurity research publication Cybernews, the Football Australia accidentally left plain-text digital ‘keys’, including ‘secret keys’, lingering in the publicly-accessible code of its sub-domain, meaning anybody could access it if they knew where to look.

These keys are understood to have supposedly provided the publication's researchers with access to 127 digital storage containers which contain data and private details from grassroots participants all the way through to national team players.

Cybernews say they contacted Football Australia about the data breach, and that the governing body fixed the issue before the researchers published their story.

They claim the most likely reason behind the data breach was human error, "as a developer likely inadvertently left a reference hidden in a script accessible to the public. Nevertheless, the mistake represents a critical data exposure incident".

On Wednesday afternoon, FA's centralised registration platform PlayFootball was taken offline for a few hours, returning "504 Error" messages when people tried to register for upcoming competitions. The platform went back online later that evening.

In a statement on Thursday, Football Australia said it was "aware of reports of a possible data breach and is investigating the matter as a priority.

"Football Australia takes the security of all its stakeholders seriously.

"We will keep our stakeholders updated as we establish more details."

Following reports on 7 News Sydney today (Saturday 3rd February), Football Australia released a further statement, correcting what it called “misreporting” on the matter.

The Football Australia statement advised that the 7 News Sydney “report contains several inaccuracies and was highly speculative, despite Football Australia providing the relevant facts to the reporter.

“Although we are aware of the inadvertent exposure of certain credentials on Football Australia's FIFA Connect System, it's crucial to clarify the nature of the inadvertent exposure. Contrary to the claims in the 7 News report, the exposed credentials did not provide access to information such as international player contracts, domestic participation registration data, or competition details.

“We emphasise that the suggestion that community registration platforms were at risk is misleading, as is the linking of betting and match manipulation. In any case, Football Australia acted swiftly and remedied that exposure within hours of becoming aware.”

FIFA Connect is an initiative by FIFA to assist member associations in systematically registering all stakeholders, including players, coaches and referees.

Related Articles

31st January 2024 - Grassroots partnership announced for Football Australia’s MiniRoos and Milo

29th January 2024 - Football Australia commences selection of additional clubs for new national second division

24th December 2023 - Life Saving Victoria advises of cyber attack

11th December 2023 - Nudgee Recreation Reserve reborn as new base for Football Queensland

4th December 2023 - New Auckland A-Leagues club names Terry McFlynn as Director of Football

24th November 2023 - Matildas and Socceroos drive Football Australia to 48% increase in revenue

20th November 2023 - Football Australia announces eight teams for new national second division

19th November 2023 - Football Australia and Nike unveil new 10-year partnership

18th November 2023 - Football Victoria owed almost $2 million by local clubs

8th November 2023 - Football Australia pay deal sees Matildas get parity with Socceroos

31st October 2023 - Football Australia rules out 2034 FIFA World Cup bid in boost for Saudi Arabia hopes

20th October 2023 - Western United to play A-League home games at Wyndham Regional Football Facility

25th July 2022 - Western Australian arts organisation targeted in data breach

1st July 2021 - Fitness and Lifestyle Group sign with Airlock Digital to protect against cyber attacks

11th December 2019 - Kate Palmer apologises for ‘unauthorised access’ following Sport Australia email hack

16th August 2019 - YMCA NSW locations impacted by ransomware attack

11th July 2018 - Ticketmaster Data breach alleged to be part of a wider fraud

12th August 2016 - Swimming Australia website under ‘cyber attack’ after Mack Horton’s ‘drug cheat’ remarks

11th July 2016 - AIS helping protect athletes from cybercrime

13th March 2014 - PaySmart continues to set industry benchmark in data security

---

Support our industry news service
We hope that you value the news that we publish so while you're here can we ask for your support?

As an independent publisher, we need reader support for our industry news gathering so ask that - if you don't already do so - you back us by subscribing to the printed Australasian Leisure Management magazine and/or our online news.