Passport details of AIFF officials and players leaked online
What's the story?
A French security researcher revealed that the passport details of 1138 All India Football Federation (AIFF) personnel were leaked on their official website on Saturday.
The security researcher named Robert Baptiste, tweeted on Friday to reach AIFF and inform them of this huge security flaw on their website. The federation officials, however, turned down the claim terming those details as 'old data'.
In case you didn't know...
The All India Football Federation (AIFF) website was earlier hacked on May 10, 2017, by a Pakistani hackers group called 'Zero Cool'. The hackers mocked the Indian government and termed Indian hostage Kulbushan Jadhav, held by Pakistan as a 'terrorist.
The heart of the matter
The security flaw exposed passport details of 1138 AIFF personnel, who were eligible to attend several international sports events. Although it is highly likely that details of the Indian national team were also leaked, there is no confirmation regarding the same.
The passport details were stored in a PDF format under the section of downloads and the file name as passport_doc.pdf. After Robert Baptiste contacted AIFF via twitter, the federation claimed that the issue was solved later on but as per Baptiste, only the name of the URL was changed to ppassport_doc.pdf, which apparently still does not solve the grave security issue.
The passport details contained several sensitive information such contact numbers and addresses of more than thousand AIFF personnel and possibly players as well. The passport details could be used for getting new SIM cards, access AADHAR details as well and thus involving the threat of fake identities.
Such breach of cybersecurity is one of the biggest issues plaguing the society. The leak of such sensitive information can lead to phishing and several other illegal uses. Footballers would surely not want their personal information up online to the public.
The AIFF Technical Team needs to be vigilant to solve these issues. AIFF has not so impressive history of the safe and secure website and needs to take care.