French Football Federation allegedly breached


France’s governing body of football, the French Football Federation (FFF), has allegedly had its database stolen, exposing the details of over ten million professional and non-professional football players.

Attackers announced the supposed breach on a well-known data leak forum, claiming that they’ve obtained details of millions of France’s football players.

We have reached out to the FFF for confirmation but have not immediately received a response.

The Cybernews research team looked into the data sample attackers provided, concluding that the information posted appears to be legitimate.

Data sample
Attackers' post on a data leak forum. Image by Cybernews.

The post on the data leak forum says that attackers obtained details on over ten million individuals, including their names, phone numbers, dates of birth, email addresses, transfer requests, league and club the user belongs to, info related to these memberships, and other personal information.

While the attackers claim they’ve obtained information on over ten million individuals, the official website of FFF indicates the federation unites 2.22 million members, 1.87 million players, 400,000 volunteers, and 14,000 amateur clubs.

However, as security researchers at HackManac noted, the stolen database could have details on present and past members of the federation.

Attackers frequently target sports organizations as they often store data on a large number of individuals. For example, last October, ASVEL Basket, a French basketball team owned by the former NBA star Tony Parker, was claimed by a ransomware cartel.

Sometimes, organizations inadvertently leak the data themselves. Earlier this year, the Cybernews research team discovered that Australia’s football governing body, Football Australia, leaked secret keys potentially opening access to 127 buckets of data, including ticket buyers’ data and players’ contracts and documents.