[BreachExchange] Football Site Fut Fantastico Suffers Data Breach; 150,000 Records Exposed

Destry Winant destry at riskbasedsecurity.com
Thu Jul 23 10:24:54 EDT 2020


https://cisomag.eccouncil.org/fut-fantastico-data-breach/

A security investigation by cybersecurity firm WizCase discovered a
misconfigured Amazon S3 server that exposed data of the Mexican football
site Fut Fantastico. The data breach exposed personally identifiable
information (PII) of 150,000 active and inactive users, including
full names, email addresses, birth dates, dates of user registration,
gender, notification settings, last login details, in-game statistics,
and IP addresses registered between 2017 and 2019.

Owned by Televisa, Fut Fantastico allows football fans to create a
virtual soccer team of their choice for a gaming experience. The
misconfigured bucket is now secured after WizCase reported the data
leak to the site owner.

The researchers at WizCase stated that threat actors can use the
leaked information to perform malicious activities. “The misconfigured
bucket could allow scammers and criminals unrestricted access to
various personal information. From the exposed data, an unauthorized
person can find out, among other details, a user’s name, and location.
This breach of privacy could pose big threats to everyone involved.
With personal details readily available, hackers can use them for
fraudulent activities or to make new identities. The latter can assist
in creating new bank accounts, take over existing ones, purchase
illegal items, or even acquire legit legal documents such as passports
or driving licenses,” WizCase said.

Football Fans Continue to Suffer Data Breaches

Football fans across the globe continue to suffer data breaches.
Recently, Australia’s AFL fan website fell victim to a security breach
where private data of 70 million users was compromised. Researchers
from SafetyDetectives stated that they found around 132GB of data from
a leaky Elasticsearch database including private user data and
technical information relating to the company’s website, BigFooty.com.
SafetyDetectives notified the BigFooty authorities of the incident and
also reported it to the Australian Cybersecurity Centre. BigFooty.com is
an Australian web and mobile application focused on Australian
football rules. The site allows users to interact with each other on a
range of topics with football being the prime focus for most users.

