Thursday, 28 September, 2023
IT Security Guru

West Ham supporters have data leaked by club website

Hammering home the need for better data security

by Joel
March 12, 2021
in Data Protection, News

English Premier League football club West Ham has suffered an accidental data breach, with personal information of supporters leaked via the club’s official website. As first reported by Forbes, West Ham’s website displayed error messages before showing the profile information of supporters to other fans who were attempting to log into their accounts. The leak exposed key fan information, including names, dates of birth, telephone numbers, addresses and email addresses.

The error messages were linked to the club’s online ticketing service, with numerous error messages displayed, including an admin message saying “Drupal already installed”. When an individual attempted to enter their own login details, they would then be shown another West Ham fan’s information. The breach puzzled many fans, who took to the club’s official fans forum site KUMB to vent their frustration.

The Hammers, which currently sit in the top half of the Premier League, issued a statement to fans via email, confirming the problem had been swiftly resolved while apologising to those affected: “We are aware there was a technical issue when signing into online accounts this morning. We worked with our third-party service provider and they have already resolved this issue.”

Providing insight and commentary are the following cybersecurity experts:

Amit Sharma, Security Engineer at Synopsys Software Integrity Group

Vulnerabilities leading to an error screen, leaked data, or supplying details from other system users may be a result of commonly occurring vulnerabilities in the application security domain. A well-known list of common issues can be found in the OWASP Top 10 list. Every application that moves into production should at least be checked for OWASP Top 10 issues as a baseline to avoid and/or mitigate the most common vulnerabilities. These are also crucial for organizations to ensure GDPR compliance. After all, ensuring the confidentiality and integrity of data is vital to protect personal data from exposure.

Javvad Malik, Security Awareness Advocate at KnowBe4

All organisations of all sizes and in all verticals need to foster a culture of cyber security so that all aspects of security and design are taken into account. The leak at West Ham Utd is likely down to an internal error or misconfiguration, which is an easy enough error to make. This is why it’s important to have in place the proper security controls, particularly where customer data is concerned so that there can be assurance that the data is being handled correctly.

Jonathan Knudsen, Senior Security Strategist, Synopsys

Football fans will remember that in July 2020, the theft of nearly £1m from a Premier League football club was narrowly avoided. Before that, in February 2020, a misconfigured application leaked information from the Brazilian ticketing company Futebol Card. The latest news about West Ham is hardly surprising. We will only see these headlines go away when all software deployments are done with security in mind. When organizations of all types have a security-first mindset, we will no longer read sad stories about open databases or misconfigured applications. Problems will still happen, of course, but they will be less common. Let’s make life a little hard for the bad guys. Affected West Ham fans should be aware that their personal information might be available to bad people, and be skeptical of unsolicited calls and emails containing their information.

Natalie Page, Cyber Threat Intelligence Analyst at Talion

The potential ramifications for West Ham United from this incident could be extremely costly. Since the introduction of GDPR, we have seen individual organisations fined as much as £42 million, with an astonishing overall amount of £235 million issued thus far against 533 organisations. For the West Ham United fans potentially affected by this breach, while the club should contact you directly if your details have been exposed, be cautious and act as if your personal details have been breached until notified otherwise. Be alert to incoming texts, calls, and emails utilising the information shared in this incident from unknown sources demanding further personal information or payment. Also consider the password you utilise for this account; if this has been duplicated on other personal accounts, this should be changed promptly.

Stephen Kapp, CTO and Founder at Cortex Insight

The website belonging to West Ham United seems to have suffered from a security issue that put their supporter data at risk. To prevent this from happening again, it is important to carry out security and user acceptance testing when websites are going live. To limit damage from the data leak, West Ham United fans who have accounts with the ticket site should start to pay close attention to their emails and watch out for phishing scams. It will be interesting to see how the ICO handles this security misconfiguration because putting sensitive data at risk is one of the biggest concerns within the GDPR.

Nikos Mantas, Incident Response Expert at Obrela Security Industries

The West Ham United site appeared to have been leaking confidential supporter information which could have put their data into the hands of criminals. Supporters are advised to avoid using the site until West Ham United clearly communicates that the problem has been fixed.

Burak Agca, Security Engineer at Lookout

Attacks against football clubs are not new. We see the same characteristics in comparison to other data breaches and phishing campaigns: the right atmosphere for social engineering, high net value individuals, and a large net of people to target during an important event. During a transfer window last year, one premier football league manager narrowly escaped the loss of £1 million pounds as attackers targeted specific mail accounts. Ransomware targeting IoT devices nearly caused a match to be postponed, with a demand for 400 bitcoins by the attackers, and we’ve seen botnet DDoS attacks leveraging Android devices.

Mobile devices in the hands of consumers represent a significant gap in security where the user is expected to be fully educated in recognising threats across a variety of attack vectors. It’s a given that a large proportion of BYO devices at a matchday event will have little or no security controls in place, out-of-date OS, free and third-party apps, and the majority will be connected to free Wi-Fi with the ability to receive texts from the data harvested by the attackers.

Chris Hauk, Consumer Privacy Champion at Pixel Privacy

The West Ham data leak will put club supporters at real risk of being targeted by the bad actors of the world with phishing attempts via email, text, and phone calls. Supporters will need to beware of any communications that appear to come from the club, as hackers will seek to extract more information (such as financial information) from the victims of the leak.

David Kennefick, Solutions Architect at Edgescan:

While the instability of the West Ham United website appears to be still ongoing, it is likely that an investigation will be initiated in order to see whether personal data has been breached. This may just have been a few small isolated incidents that impacted a minority of users. However, in case the breach affected a larger pool of users, the club will presumably follow the usual protocols, and if there is a personal data breach the Information Commissioner’s Office (ICO) will be informed.

Sports teams around the world, and particularly in the UK, are adapting to being targeted by cybercriminals due to their financial status. During the last few years, www.ncsc.gov.uk has worked to increase the resilience of the sports industry in the UK. Their reports are a useful resource to help understand how sports clubs can better protect themselves from cyberattacks.

Paul Bischoff, privacy advocate at Comparitech.com:

“West Ham fans should be on the lookout for phishing emails from scammers posing as West Ham or a related organization. Scammers might use personal details from the database to reach out to West Ham fans and make their messages more convincing. Given that physical addresses were leaked, West Ham fans could also be at risk of physical harassment and stalking. 

Never click on links or attachments in unsolicited emails. Always verify the sender before responding.”
