Home News Football Site Fun Fantastico Suffers Data Breach; 150,000 Records Exposed

Football Site Fun Fantastico Suffers Data Breach; 150,000 Records Exposed

credential phishing campaigns

A security investigation from cybersecurity firm WizCase discovered a misconfigured Amazon S3 server that exposed data of Mexican football site, Fut Fantastico. The data breach exposed personally identifiable information (PII) of 150,000 active and inactive users, including the full names, email addresses,  birth dates, date of user registration, gender, notification settings, last login details, in-game statistics, and IP addresses registered between 2017 and 2019.

Owned by Televisa, Fut Fantastico allows football fans to create a virtual soccer team of their choice for gaming experience. The misconfigured bucket is now secured after WizCase reported the data leak to the site owner.

The researchers at WizCase stated that threat actors can use the leaked information to perform malicious activities. “The misconfigured bucket could allow scammers and criminals unrestricted access to various personal information. From the exposed data, an unauthorized person can find out, among other details, a user’s name, and location. This breach of privacy could pose big threats to everyone involved. With personal details readily available, hackers can use them for fraudulent activities or to make new identities. The latter can assist in creating new bank accounts, take over existing ones, purchase illegal items, or even acquire legit legal documents such as passports or driving licenses,” WizCase said.

Football Fans Continue to Suffer Data Breaches

Football fans across the globe continue to suffer data breaches. Recently, Australia’s AFL fan website fell victim to a security breach where private data of 70 million users was compromised. Researchers from SafetyDetectives stated that they found around 132GB of data from a leaky Elasticsearch database including private user data and technical information relating to the company’s website, BigFooty.com. SafetyDetectives notified the incident to the BigFooty authorities and also reported to the Australian Cybersecurity Centre. BigFooty.com is an Australian web and mobile application focused on Australian football rules. The site allows users to interact with each other on a range of topics with football being the prime focus for most users.