Summary
Key Points:
- A 35-year-old man was arrested for hacking into AFC Ajax's computer systems, exposing over 300,000 fan records.
- The attack exploited vulnerabilities in the club's app and website, including exposed APIs and shared access keys, potentially allowing unauthorized access to sensitive data and manipulation of season tickets.
- It is recommended that organizations conduct regular security audits to identify and remediate vulnerabilities, particularly in applications and APIs.
Technical Details: The incident involved exploitation of vulnerabilities related to exposed APIs and shared access keys, which allowed unauthorized access to sensitive data.
MITRE ATT&CK Techniques:
- T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
- T1190 - Exploit Public-Facing Application (Initial Access)
IOCs Mentioned: None mentioned