AFC Ajax, a prominent Dutch football club, has acknowledged a data breach following unauthorized access to its internal systems. This incident has raised significant concerns regarding the security of user accounts and sensitive information.
Incident Overview
The breach was attributed to a hacker in the Netherlands who exploited vulnerabilities within Ajax’s systems. This allowed the attacker to view email addresses of several hundred individuals and limited personal data associated with fewer than 20 supporters who had stadium bans.
Exploited Vulnerabilities
Investigations by RTL News revealed that the attacker was able to manipulate exposed APIs and reuse shared digital keys, effectively impersonating other users. This capability enabled actions such as transferring season tickets and altering account details. For instance, RTL demonstrated the ability to transfer a VIP ticket from Ajax director Menno Geelen’s account, gaining access to an upcoming match before the club intervened.
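The class of flaw described above, a key shared across clients plus an account identifier taken from the request, is shown next to a hardened check in this added example. It is not Ajax's code or RTL's test code; the page gives no implementation details, so the ticket IDs, account names, key values and function names are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample data: ticket id -> owning account (hypothetical names).
TICKETS = {"T-1001": "alice", "T-2002": "bob"}
SHARED_KEY = "app-wide-key"          # assumption: one key shipped to every client
SERVER_SECRET = b"demo-only-secret"  # constructed; signs per-user tokens


def _mac(user_id: str) -> str:
    return hmac.new(SERVER_SECRET, user_id.encode(), hashlib.sha256).hexdigest()


def issue_token(user_id: str) -> str:
    """Per-user token issued at login: user id plus a server-side HMAC."""
    return f"{user_id}.{_mac(user_id)}"


def authenticate(token: str):
    """Return the user id bound to a valid token, or None if it does not verify."""
    user_id, _, mac = token.partition(".")
    ok = hmac.compare_digest(mac.encode(), _mac(user_id).encode())
    return user_id if ok else None


def transfer_weak(tickets, api_key, from_user, ticket_id, to_user):
    """Weak: the shared key says nothing about who is calling, and
    from_user is whatever the request claims."""
    if api_key != SHARED_KEY or tickets.get(ticket_id) != from_user:
        return False
    tickets[ticket_id] = to_user
    return True


def transfer_hardened(tickets, token, ticket_id, to_user):
    """Hardened: the caller's identity comes only from the verified token,
    and the ticket must belong to that caller."""
    caller = authenticate(token)
    if caller is None or tickets.get(ticket_id) != caller:
        return False
    tickets[ticket_id] = to_user
    return True
```

The weak handler accepts a transfer of any account's ticket from any holder of the shared key, while the hardened handler rejects the same request unless the token verifies and its user owns the ticket.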
Scope of the Breach
The vulnerabilities potentially impacted over 300,000 registered supporters, with upwards of 42,000 season tickets at risk of being stolen or disappearing from accounts without the owners’ knowledge. Furthermore, details of more than 500 supporters with stadium bans were exposed, including the reasons for their bans, which could have serious implications for those affected.
Response and Mitigation
AFC Ajax has stated that it has patched the vulnerabilities and notified relevant regulators. The club claims to have “no indication” that the exposed data has been disseminated further. However, the incident raises questions about how such significant security oversights occurred, particularly given that outsiders were able to manipulate sensitive data.
While Ajax aims to downplay the severity of the breach by focusing on the limited confirmed exposures, the implications of allowing unauthorized access to user accounts are substantial. The situation highlights the need for robust security measures to prevent similar incidents in the future.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.








