France is the scene of a new cyberattack. The French Football Federation has indicated that it has been the victim of a "malicious cyberattack". The attackers managed to seize the personal data of volunteers, members and staff of the federation. According to researcher Clément Domingo, the leak concerns three million people, including international players.
In an email, the French Football Federation warns all those concerned that their data has been compromised. Among the information collected, we find “identity data (name, first name, gender, date and place of birth, nationality), postal address, email address, telephone number, person number in the software, photo and copy of proof of identity”. However, passwords, health data and bank details were not stolen.
A compromised account at the origin of the hack
To penetrate the systems of the association that manages football in France, the hackers attacked the "license and administration data management software", the federation continues. They used a "compromised account" upstream to achieve their ends. Here again, everything seems to have started with credential theft.
After noticing the intrusion, researchers took steps to repel the hackers. The account that caused the cyberattack was promptly deactivated. In accordance with the law, the French Football Federation notified the CNIL (National Commission for Information Technology and Civil Liberties) and the ANSSI (National Agency for the Security of Information Systems) of the incident. The CNIL is free to open an investigation to determine whether there have been any breaches in data security.
As Zataz noted, a hacker was quick to put the data of the French Football Federation up for sale on a black market. In the announcement, he explains that the directory includes "87268832 lines" of information. The hacker explains that he was able to exploit a misconfigured API of an application used by several sports federations to access the FFF database.
A second hack for the FFF in a year
This is already the second time in a year that the French Football Federation has been the victim of an attack. Almost a year ago, hackers used a flaw to steal the data of ten million individuals. Zataz was able to confirm that the data put up for sale was not included in the first leak. Aware of the risks of scams and phishing, the federation recommends that those affected exercise caution:
This second leak is in addition to the various other breaches recorded in France in recent weeks. We will particularly remember the hacking of eight sports federations, which resulted in the leak of data of 4.5 million French people.
0 Comments