German Football Association leaves open goal for hackers, who are claiming password theft


Threat actors are claiming access to Germany’s top governing body for football, with login credentials and passwords allegedly shared online. However, the Cybernews research team says the provided data sample doesn’t reveal much about the alleged data leak.

Alleged credentials to access the German Football Association (Deutscher Fußball-Bund or DFB) were recently posted on a popular data leak forum. The attackers weren’t generous with details about the alleged data leak, posting only a small sample.

DFB is Germany’s governing body for football (soccer in the US), futsal, and beach soccer. The organization has 8 million members and is among the largest sports federations on the planet.


DFB website users range from fans to football players, who use the site for updates on German football, ticket updates, and other information.

Post on the data leak forum. Image by Cybernews.

We have reached out to DFB for comment and will update this article once we receive a reply.

Meanwhile, our research team looked into the data sample attackers attached to the post. According to the team, although the data sample included login and password details, it is unclear whether the data actually belongs to DFB users.

Most of the domains visible in the sample appear to be from individual users, which likely rules out the possibility that German football players were exposed. However, researchers note that some may have created accounts using personal emails.

The information revealed in the sample does not link to recognizable football players or managers.


Even if the data was legitimate, it doesn’t automatically mean that attackers breached DFB. Our team noted that the attackers may have obtained the credentials via infostealer malware or credential-stuffing attacks.


If confirmed, the data leak would increase cybersecurity risks for the individuals involved. For one, attackers could attempt unauthorized access to harvest more personal data, which becomes accessible once they are inside the DFB system.

Football organizations targeted by hackers

Hackers often target football federations and clubs. For example, this March, attackers breached Ajax, one of the most popular soccer clubs in the Netherlands, exposing the personally identifiable information (PII) of more than 300,000 fans.

Last September, attackers breached the French Football Federation (FFF) by accessing the software platform used by all licensed football clubs in the country to manage administrative tasks, including registering their players with the federation.

Other cases involve organizations inadvertently leaving data accessible. In 2024, the Cybernews research team discovered that Australia’s football governing body, Football Australia, had plain-text keys accessible, potentially enabling access to a staggering 127 digital storage containers.

In another case, the team discovered that the Premier League’s Aston Villa Football Club (AVFC) left a publicly accessible Amazon Web Services (AWS) S3 bucket containing the personally identifiable information of 135,770 individuals, leaving fans vulnerable to spear-phishing, social engineering, and identity theft.

