Cyber Attack

Sportradar, Bet365, and FIBA Data Exposed in Vect Ransomware Breach

DailyDarkWeb
Sportradar, Bet365, and FIBA Data Exposed in Vect Ransomware Breach
Threat groups Vect Ransomware and TeamPCP claim they breached Sportradar AG on March 25, 2026 via a supply-chain attack exploiting Trivy and are selling exfiltrated corporate and client data for up to $50,000 USD. The alleged leak includes about 28,829 records with roughly 26,000 PII entries, 23,169 athlete profiles, third-party credentials (including FIBA and Bet365), API keys, production RDS passwords, Auth0 and Kafka secrets, and Terraform/AWS configuration files. #VectRansomware #TeamPCP

Keypoints

  • Vect Ransomware and TeamPCP claim a March 25, 2026 supply-chain breach of Sportradar via an exploit in Trivy.
  • Actors allege exfiltration of approximately 28,829 records, including about 26,000 PII entries and 23,169 athlete profiles.
  • Third-party credentials and access tokens tied to FIBA and Bet365 were reportedly stolen.
  • Stolen items reportedly include production RDS passwords, Auth0 OAuth client secrets, Kafka SASL credentials, over 300 API keys, and Terraform/AWS state files.
  • The data package is being offered for sale on a dark web forum for up to $50,000 USD.

Read More: https://dailydarkweb.net/sportradar-bet365-and-fiba-data-exposed-in-vect-ransomware-breach/