Aston Villa Football Club leaks members’ data
The Cybernews research team has discovered that Aston Villa Football Club (AVFC) has left a publicly ‘leaking bucket’ containing the personally identifiable information of 135,770 individuals.
The affected fans are vulnerable to spear phishing, social engineering attacks and identity theft attempts.
The leak was first spotted on March 13th, 2024 when the Cybernews research team discovered a publicly accessible AWS S3 bucket (cloud storage service).
The storage likely belongs to Aston Villa Football Club, as it contained 135,770 member records among 5842 exposed CSV files used for storing data. Cybersecurity researchers warn that “the exposure of personally identifiable information presents a series of severe information security implications and risks to the club’s fans.”
The exposed personal information includes:
-
Full names
-
Dates of Birth
-
Home addresses
-
Phone numbers
-
Email addresses
-
Membership details
-
Purchase details (date, method of payment, type of membership purchased).
What’s the impact of the leak?
The data is a treasure trove for cybercriminals and may be used for many financially motivated attacks.
“Attackers could engage in manipulative tactics aimed at persuading unsuspecting individuals to divulge further sensitive information or undertake actions that compromise their security. This may involve impersonating trusted entities to elicit additional personal or financial information,” researchers warn.
“Villa fans should beware that the availability of exposed email addresses and phone numbers can be used for spear phishing campaigns specifically designed for each exposed individual. Cybercriminals may craft deceptive emails, text messages, or calls purporting to originate from legitimate sources.
“The consequences are not limited to cyberspace and could involve other illegal activities that are made easier by knowing exactly where the person lives, such as theft, burglary, or physical incursion,” the research team warns.
To read the full research, please click here.
