Top Aussie soccer stars have VERY personal details leaked online due to shocking mistake – and ‘every fan in the country’ could be caught up in cyber nightmare

  • Football Australia error reportedly at centre of exposure 
  • Expert says details have been vulnerable for almost 700 days 
  • Football Australia understood to have fixed the problem now 

Australian soccer players have had personal information, including their passports and contract information, exposed in a cybersecurity leak that could also affect football fans across the country.

The breach occurred because Football Australia left secret keys used to access the details unprotected online in what’s been described as the governing body scoring an ‘own goal’.

The FA’s mistake has also exposed ticket purchase information in a development that could affect a huge number of fans, according to independent cybersecurity publication Cybernews.

Aussie football stars (Sam Kerr is pictured playing for the Matildas) have had information including their passport details exposed 

'Every customer or fan of Australian football was affected', according to the researchers who discovered the breach (pictured, Matildas supporters at last year's World Cup)

‘While we cannot confirm the total number of the affected individuals, as it would require downloading the entire dataset, contradicting our responsible disclosure policies, we estimate that every customer or fan of Australian football was affected,’ the research team that uncovered the problem said.

‘The exposed data, including contracts and documents of football players, poses a severe threat as attackers could exploit this information for identity theft, fraud, or even blackmail, emphasising the urgent need for improved security practices and measures to safeguard sensitive data.’ 

According to the report, Football Australia has fixed the issue. 

A tech expert who independently verified the leak said the information has been vulnerable for 681 days - plenty of time for 'external attackers' to have exploited the weakness

Cybersecurity researcher Jamieson O’Reilly, founder of the information security company Dvuln, independently confirmed the breach, according to the Sydney Morning Herald.

‘Considering the exposure lasted for at least 681 days, it’s plausible that external attackers discovered and utilised these keys,’ he said. 

The data that has been leaked reportedly also includes details of the FA’s internal digital infrastructure.

Football Australia is the governing body for the nation’s beach soccer and futsal teams in addition to its soccer teams.

It released the following statement on Thursday: ‘Football Australia takes the security of all its stakeholders seriously. We will keep our stakeholders updated as we establish more details.’

News of the exposure is the latest in a series of cybersecurity breaches that have affected millions of Australians.

The most notorious of those was the Optus breach in September 2022.

Football Australia is the governing body for all of the code's teams down under (pictured, Socceroos star Jackson Irvine celebrates scoring a goal at the Asian Cup)

That cyberhack meant the company’s past and present customers potentially had their personal addresses, dates of birth, passport details, driver’s licences, phone numbers and email addresses stolen.

Almost 10 million people were left exposed – and, as has reportedly happened with Football Australia, the cause of the problem was lax security.

‘If we are to believe the hacker, this was not even a sophisticated hack, it’s not even a hack,’ tech expert Trevor Long told Daily Mail Australia when asked about the Optus situation.

‘They were able to exploit an internal system and access information in a simple security breach.

‘It’s a goldmine for identity fraud and hackers.’
