Ajax football club hack exposed fan data, enabled ticket hijack
Recorded: March 26, 2026, 9 p.m.
| Original | Summarized |
Ajax football club hack exposed fan data, enabled ticket hijack News Featured Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens HackerOne discloses employee data breach after Navia hack Firefox now has a free built-in VPN with 50GB monthly data limit Infinite Campus warns of breach after ShinyHunters claims data theft Ajax football club hack exposed fan data, enabled ticket hijack CISA: New Langflow flaw actively exploited to hijack AI workflows Edit, convert, and sign PDFs without switching apps for just $40 UK sanctions Xinbi marketplace linked to Asian scam centers Tutorials Latest How to access the Dark Web using the Tor Browser How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11 How to use the Windows Registry Editor How to backup and restore the Windows Registry How to start Windows in Safe Mode How to remove a Trojan, Virus, Worm, or other Malware How to show hidden files in Windows 7 How to see hidden files in Windows Webinars Latest Qualys BrowserCheck STOPDecrypter AuroraDecrypter FilesLockerDecrypter AdwCleaner ComboFix RKill Junkware Removal Tool Deals Categories eLearning IT Certification Courses Gear + Gadgets Security VPNs Popular Best VPNs How to change IP address Access the dark web safely Best VPN for YouTube Forums Virus Removal Guides HomeNewsSecurityAjax football club hack exposed fan data, enabled ticket hijack Ajax football club hack exposed fan data, enabled ticket hijack By Bill Toulas March 26, 2026 Dutch professional football club Ajax Amsterdam (AFC Ajax) disclosed that a hacker exploited vulnerabilities in its IT systems and accessed data belonging to a few hundred people. Red Report 2026: Why Ransomware Encryption Dropped 38% Related Articles: Ajax Bill Toulas Previous Article Post a Comment Community Rules You need to login in order to post a comment Not a member yet? Register Now You may also like: Popular Stories Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens New KB5085516 emergency update fixes Microsoft account sign-in Crunchyroll probes breach after hacker claims to steal 6.8M users' data Sponsor Posts Overdue a password health-check? Audit your Active Directory for free AI is a data-breach time bomb: Read the new report Synthetic Identities, Proxies & Real Identities for Sale, is yours next? Cyber resilience without the complexity. Join Zero Networks to stop lateral movement fast. Are your AI accounts being sold on the dark web? Check for free. Upcoming Webinar Follow us: Main Sections News Community Forums Useful Resources Welcome Guide Company About BleepingComputer Terms of Use - Privacy Policy - Ethics Statement - Affiliate Disclosure Copyright @ 2003 - 2026 Bleeping Computer® LLC - All Rights Reserved Login Username Password Remember Me Sign in anonymously Sign in with Twitter Not a member yet? Register Now Help us understand the problem. What is going on with this comment? Spam Abusive or Harmful Inappropriate content Strong language Other Read our posting guidelinese to learn what content is prohibited. Submitting... |
AFC Ajax, a prominent Dutch football club with a rich history of success including four UEFA Champions League titles and 36 Eredivisie championships, recently faced a significant security breach disclosed through investigative reporting by RTL Nederland. The incident, initiated by a hacker who alerted the media rather than exploiting the vulnerabilities for malicious gain, revealed a series of critical weaknesses within the club’s IT infrastructure. The primary outcome of the breach involved the unauthorized access to data pertaining to approximately 600 registered fans, alongside sensitive details of less than 20 individuals subject to stadium bans, including name, email address, and date of birth. The hacker’s actions demonstrated the potential to manipulate the club’s ticketing system, allowing for the reassignment of season tickets to arbitrary individuals, and to modify stadium ban records. Furthermore, the hacker gained access to over 300,000 accounts, revealing capabilities to examine supporter data on a large scale. The incident highlighted the vulnerability of APIs and shared keys utilized within the club’s systems, providing a pathway for extensive data extraction. RTL's investigation revealed the ability to manipulate 42,000 season tickets, and 538 supporter stadium bans. Following the discovery, AFC Ajax immediately engaged external cybersecurity experts to conduct a thorough assessment of the situation, determine the precise scope of the breach, and identify the root causes of the vulnerabilities. The club subsequently patched all identified vulnerabilities and implemented additional security measures to mitigate future risks. Notification was made to both the Dutch Data Protection authority and the police. Notably, RTL's investigation appeared to be driven by non-malicious intent, suggesting an initial focus on exposing the flaws rather than exploiting them for personal gain. While the precise timeline of when these vulnerabilities were first discovered remains unclear, the incident underscores the importance of robust cybersecurity protocols within large organizations, particularly those handling sensitive personal data. The incident serves as a cautionary tale regarding API security and the potential for attackers to leverage access to gain substantial control over systems and data. AFC Ajax fans who registered with the club or purchased season tickets are advised to remain vigilant for suspicious communications. The response by AFC Ajax highlights the critical need for proactive threat monitoring, rapid incident response, and continuous security assessment within the sports and entertainment sectors, particularly concerning the protection of fan data. |