Australia's players pose for a group photograph before the start of the Qatar 2023 AFC Asian Cup football match between Australia and Indonesia at the Jassim bin Hamad Stadium in Doha on Jan 28, 2024. (PHOTO / AFP)
SYDNEY - Football Australia confirmed on Thursday that it is aware of reports of a possible data breach and is investigating the matter as a priority.
"Football Australia takes the security of all its stakeholders seriously. We will keep our stakeholders updated as we establish more details," said the governing body of football in Australia.
According to the research team, the exposed data include personally identifiable information of players, ticket purchase information, internal infrastructure details, source code of the digital infrastructure, and scripts of the digital infrastructure
The statement came a day after Cybernews, a research-based online publication, revealed that Football Australia leaked secret keys, which potentially opened access to 127 buckets of data.
READ MORE: Australia brush aside Indonesia 4-0 to reach Asian Cup quarters
According to the research team, the exposed data include personally identifiable information of players, ticket purchase information, internal infrastructure details, source code of the digital infrastructure, and scripts of the digital infrastructure.
READ MORE: S. Arabia clear to host 2034 World Cup after Australia drops out
The researchers also flagged "human error" as the most likely reason behind the leak, as they believed that a developer inadvertently left a reference hidden in a script accessible to the public.
READ MORE: Paris 2024 opening ceremony attendees estimate cut to 300,000
Jamieson O'Reilly, founder of cyber-security firm Dvuln, told the Sydney Morning Herald that the data is "highly sensitive", which "could contain more credentials, leading to further unauthorized access."
"Considering the exposure lasted for at least 681 days, it's plausible that external attackers discovered and utilized these keys," said O'Reilly.
