Experts On West Ham Utd Website Leaks Users’ Data

By   ISBuzz Team
Writer , Information Security Buzz | Mar 10, 2021 06:17 am PST

It has been reported that the website of English Premier League football club West Ham Utd has leaked the personal details of the clubs’ supporters. The club website is showing several error messages including “Drupal already installed”. Experts commented below.

Notify of
10 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Amit Sharma
Amit Sharma , Security Engineer
March 10, 2021 2:34 pm

<p>Vulnerabilities leading to an error screen, leaked data, or supplying details from other system users may be a result of commonly occurring vulnerabilities in the application security domain. A well-known list of common issues can be found in the OWASP Top 10 list. Every application that moves into production should at least be checked for OWASP Top 10 issues as a baseline to avoid and/or mitigate the most common vulnerabilities. These are also crucial for organizations to ensure GDPR compliance. After all, ensuring the confidentiality and integrity of data is vital to protect personal data from exposure.</p>

Last edited 2 years ago by Amit Sharma
Hank Schless
Hank Schless , Senior Manager, Security Solutions
March 10, 2021 2:33 pm

<p>We all trust our digital experiences to be inherently secure. Whether it\’s a football club\’s website or a banking app, we trust the service provider to keep our data safe. Anyone who thinks their data could have been leaked should be particularly careful of mobile phishing attacks in the future that leverage the leaked data.</p>

Last edited 2 years ago by Hank Schless
Javvad Malik
Javvad Malik , Security Awareness Advocate
March 10, 2021 2:31 pm

<p>All organisations of all sizes and in all verticals need to foster a culture of cyber security so that all aspects of security and design are taken into account. The leak at West Ham Utd is likely down to an internal error or misconfiguration, which is an easy enough error to make. This is why it\’s important to have in place the proper security controls, particularly where customer data is concerned so that there can be assurance that the data is being handled correctly.</p>

Last edited 2 years ago by Javvad Malik
Jonathan Knudsen
Jonathan Knudsen , Senior Security Strategist
March 10, 2021 2:30 pm

<p>Football fans will remember that in July 2020, the theft of nearly £1m from a Premier League football club was narrowly avoided. Before that, in February 2020, a misconfigured application leaked information from the Brazilian ticketing company Futebol Card. The latest news about West Ham is hardly surprising. We will only see these headlines go away when all software deployments are done with security in mind. When organization of all types have a security-first mindset, we will no longer read sad stories about open databases or misconfigured applications. Problems will still happen, of course, but they will be less common. Let’s make life a little hard for the bad guys. Affected West Ham fans should be aware that their personal information might be available to bad people, and be skeptical of unsolicited calls and emails containing their information.</p>

Last edited 2 years ago by Jonathan Knudsen
Natalie Page
Natalie Page , Cyber Threat Intelligence Analyst
March 10, 2021 2:29 pm

<p>The potential ramifications for West Ham United from this incident could be extremely costly. Since the introduction of GDPR, we have seen individual organisations fined as much as £42 million, with an astonishing overall amount of £235 million issued thus far against 533 organisations. For the West Ham United fans potentially affected by this breach, while the club should contact you directly if your details have been exposed, be cautious and act as if your personal details have been breached until notified otherwise. Be alert to incoming texts, calls, and emails utilising the information shared in this incident from unknown sources demanding further personal information or payment. Also consider the password you utilise for this account, if this has been duplicated on other personal accounts, this should be changed promptly.</p>

Last edited 2 years ago by Natalie Page

Recent Posts

Would love your thoughts, please comment.x