AFC Ajax, a prominent Dutch football club, has disclosed a data breach resulting from vulnerabilities in its internal systems. The flaws allowed unauthorized access to sensitive data and enabled outsiders to manipulate accounts and even lift stadium bans. The breach, which has significant implications for the security of fan data, occurred when an attacker exploited these flaws. Specifically, the vulnerabilities allowed hackers to gain administrative access, permitting them to modify accounts and override existing bans [1].

The incident highlights the importance of robust security measures, particularly for organizations handling sensitive personal data. That the vulnerabilities were exploited to lift stadium bans suggests a high level of access was achieved, potentially compromising the safety and security of fans. For practitioners, the incident underscores the need for thorough vulnerability assessments and penetration testing to prevent similar breaches, which can have serious consequences for organizations and their stakeholders.