BigFooty Data Leak Notice


 
The CCP now know what football team we follow... no big deal.

Hopefully it leads to a mix up and in the event of war the Bombers HQ is levelled.

They know more and can use it to hack into other accounts you have with that email
 

JB007

Cancelled
Feb 25, 2020
1,346
3,986
AFL Club
Collingwood
Not good at all...........

Big Footy data breach exposed private details of up to 100,000 users
By Fiona Willan
May 29, 2020 — 1.32pm

A large data leak from an AFL fan website has exposed about 70 million records online, including private conversations between users, according to cyber security researchers.
Aussie Rules forum Bigfooty.com has about 100,000 users – although it's not known how many were affected. The site has now started to contact users to notify them about the breach but the company believes no one downloaded the exposed data.
AFL fans on website BigFooty had their data exposed, according to security researchers. Credit: Sebastian Costanzo
Cyber security research team Safety Detective, led by Anurag Sen, claimed to have discovered about 132GB of data leaking from the site last month.
In a report provided exclusively to Nine News, the researchers claim they were able to view private messages, some containing email addresses, mobile phone numbers, passwords and sensitive personal information.

In some cases, messages included threatening or racist comments.
"Private messages are fully exposed in the leak and can be traced back to specific users. This includes some high-profile users such as Australian police officers and government employees," the report reads.
"Even though user names, passwords and identities were not always matched, there remains a significant risk that the tidbits of information available could be used to commit identity fraud, and consequently, create financial, social and reputational damage on users."
The researchers say in several cases users who shared sensitive material could be identified.
"Sensitive material of this nature exposes those users to blackmail and coercion by malicious hackers, assuming their identity can be determined," the report reads.
"A further issue – and one that is common with data leaks in general – is users sharing passwords to other platforms, or re-using the same username and password on multiple platforms."



The research lab, which describes itself as a "pro bono service that aims to help the online community defend itself against cyber threats", told Nine News it immediately contacted Big Interest Group, the US-based parent company of Bigfooty.com.
A spokesperson for Big Interest Group told Nine News the unsecured port had been fixed on May 14.

"We have started sending out notices to potentially affected users informing them of the issue," they said.
"Apart from access by (Safety Detective), we have not found evidence the index was copied or downloaded by other parties.
"As it relates to data of users based in Australia, we are also preparing a report for the Office of the Australian Information Commissioner."
A statement was posted to BigFooty on Friday morning informing users about the breach and telling them what to do.

"It can't be fully determined who has shared what, so everyone who has ever posted in a private feature like convos has been emailed," the statement said.
"It seems there's no evidence that the search index was copied in full. The main forum server is not affected. The breach doesn't include information you provided at registration."
The researchers also contacted the Australian Cyber Security Centre and host-server Amazon.
While the ACSC won't comment on individual cases, a spokesperson said: "Databases and storage services are potential targets of malicious cyber actors and are vulnerable to compromise if not properly secured."
 
Scary as all our info is now in the hands of hackers and god knows what they will try to do with that info.
 
Please go here for the official data breach notification and contact details for requests and questions:

 

JB007



J, if I received the email does that mean my PMs have been compromised?
 

JB007

Not happy J because my CFC2010 cancelled account has been hacked.

Totally understand and apologise.

From admin:

"...

What should you do now?

If you have shared personal contact or financial information in private boards, comments sections, and conversations, you may want to discuss this with people like your bank and phone service provider.

If you have shared any account login details you should change them immediately.
..."
 