AFC Ajax disclosed that a hacker exploited vulnerabilities in its IT systems, viewing email addresses of a few hundred people and personal details for fewer than 20 individuals with stadium bans. RTL journalists verified the flaws and demonstrated they could transfer VIP and season tickets, modify stadium ban records, and access broad fan data via exposed APIs and shared keys. #AFCAjax #RTL
Keypoints
- A hacker accessed parts of AFC Ajax’s systems and viewed email addresses of a few hundred users.
- Data for fewer than 20 people with stadium bans—including names, emails, and dates of birth—was accessed.
- RTL journalists verified the vulnerabilities and demonstrated ticket transfers, stadium ban modifications, and API access.
- The investigation indicated that 42,000 season tickets and 538 stadium bans could potentially have been manipulated, and that details on over 300,000 accounts could be viewed.
- AFC Ajax engaged external experts, patched the vulnerabilities, notified authorities, and urged fans to watch for suspicious communications.