Australia’s AFL fan website is the latest victim of a security breach in which the private data of 70 million users was compromised. Researchers from SafetyDetectives stated that they found around 132GB of data in a leaky Elasticsearch database, including private user data and technical information relating to the company’s website, BigFooty.com.
SafetyDetectives reported the incident to BigFooty and to the Australian Cybersecurity Centre. The database is now secured. BigFooty.com is an Australian web and mobile application focused on Australian rules football. The site allows users to interact with each other on a range of topics, with football being the prime focus for most users.
“Private messages are fully exposed in the leak and can be traced back to specific users. This includes some high-profile users such as Australian police officers and government employees. Private information belonging to such individuals, including chat transcripts and email addresses, was found on the database which thereby creates a significant vulnerability in terms of potential blackmail and other reputational damage that could be caused,” the researchers said.
According to SafetyDetectives, the exposed information includes:
- Users’ private messages
- Usernames used to access BigFooty.com
- Passwords to live streams
- Data relating to ad spammers
- Email addresses
- Relationships between users
- Phone numbers
- Users’ comments including personal threats and racist material
- Personal information relating to real-world activities, intentions, and behavior
- Data related to the site’s internal workings: server information, operating system information, internal resource details, browser information, error logs, access logs, IP addresses, and location data
Cybercriminals Target Australians
Australia witnessed a sudden surge in cyberattacks amid the coronavirus pandemic, which led the Australian Cybersecurity Centre (ACSC) to release a new threat report exposing how cybercriminals are exploiting the situation for their own gain through phishing schemes and malicious activities. The report is intended to raise awareness of the increasing number of COVID-19-related cyberthreats and to provide real-time cybersecurity advice to organizations and individuals.