A serious cybersecurity issue has recently come to light involving AFC Ajax. The club confirmed that a hacker gained access to parts of its internal systems. This exposed some fan-related data and revealed weaknesses in its digital setup. The main concern was around its ticketing system and how easily it was affected.

According to the club, the attacker accessed email addresses of a few hundred individuals. In addition, more sensitive details were exposed for a smaller group of people. This included names, email addresses, and dates of birth. These belonged to fewer than 20 individuals with stadium bans.

The club did not detect the issue itself; it came to light externally. The hacker contacted journalists and showed them proof of the vulnerabilities. Reporters later verified these claims by checking the system. This raised concerns about how long the system had been insecure.

The breach was not limited to just viewing information. The attacker was also able to manipulate the ticketing system easily. Purchased tickets could be transferred to other people without permission. Even stadium bans could be changed or removed without proper checks.

In one demonstration, journalists showed how a VIP season ticket was reassigned within seconds. The entire process was quick and required minimal effort from the attacker. This clearly highlighted how serious and dangerous the flaw was. If misused, it could have caused major disruptions for fans.

While the club stated that only limited data was directly accessed, the risk was much bigger. Reports suggest that over 300,000 fan accounts could have been exposed. Around 42,000 season tickets were also potentially at risk. More than 500 stadium bans could have been viewed or altered.

The root cause of the breach was weaknesses in the club’s systems and security design. There were issues in the app as well as backend APIs that handled user data. Poor access control and shared digital keys made the system vulnerable. This allowed the attacker to perform actions on behalf of other users easily.
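The two weaknesses named above, shown as a weak handler beside a hardened one. This is an added example, not code from the club or from the original report. All names, keys and records are constructed, and it assumes "shared digital keys" means one key shipped identically in every app install.

```python
import hashlib
import hmac

SERVER_SECRET = b"constructed-demo-secret"    # constructed; never leaves the server
SHARED_APP_KEY = "same-key-in-every-install"  # constructed; identical in all clients

TICKETS = {"T1": "alice", "T2": "bob"}        # constructed: ticket id -> owner
BANS = {"B1": "mallory"}                      # constructed: ban id -> banned user
ROLES = {"alice": "fan", "bob": "fan", "mallory": "fan", "steward": "ban_admin"}

def _sign(user):
    return hmac.new(SERVER_SECRET, user.encode(), hashlib.sha256).hexdigest()

def issue_token(user):
    """Per-user token handed out after login (login itself is out of scope)."""
    return f"{user}.{_sign(user)}"

def authenticate(token):
    """Return the caller's identity from a valid token, else None."""
    user, _, sig = token.partition(".")
    ok = hmac.compare_digest(sig.encode(), _sign(user).encode())
    return user if ok and user in ROLES else None

def transfer_weak(api_key, ticket_id, new_owner, tickets):
    # Weak: a shared key proves "some app install", not which user is calling,
    # and nothing ties the ticket to the caller.
    if api_key != SHARED_APP_KEY or ticket_id not in tickets:
        return False
    tickets[ticket_id] = new_owner
    return True

def transfer_hardened(token, ticket_id, new_owner, tickets):
    # Identity comes from the verified token; the ticket must belong to it.
    caller = authenticate(token)
    if caller is None or tickets.get(ticket_id) != caller:
        return False
    if new_owner not in ROLES:
        return False
    tickets[ticket_id] = new_owner
    return True

def lift_ban_hardened(token, ban_id, bans):
    # Changing a stadium ban requires a role check, not just a valid login.
    caller = authenticate(token)
    if caller is None or ROLES[caller] != "ban_admin":
        return False
    return bans.pop(ban_id, None) is not None
```
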

After discovering the issue, AFC Ajax quickly fixed the vulnerabilities and secured its systems. The club improved its security measures and informed all affected individuals. Authorities were notified, and a police complaint was also filed for investigation. Fans have been advised to stay alert for phishing emails and any suspicious activity.

Stay alert, and keep your security measures updated!