HomesecurityApocalyptic: Exposed personal data of APOEL and Omonia fans

Apocalyptic: Exposed personal data of APOEL and Omonia fans

Serious personal data leaks may exist from the new Stadium360 platform which is responsible for the sale of online tickets for the football matches of APOEL and Omonia Nicosia.

As Economy Today reveals, anyone without special computer knowledge has access to the names, ID numbers and fan card numbers of people who have purchased a ticket through this platform, while questions also arise about the availability of personal data of their fans. Cyprus Sports Organization on this platform.

See also: DoppelPaymer has been renamed Grief ransomware

The possibility of leaking personal data arises due to an error in the Stadium360 software system with which one can in three simple steps obtain information about ticket holders for each seat on the field of upcoming football matches or for seats corresponding to season ticket holders.

APOEL Omonia

The platform is used for the issuance of tickets for Omonia football matches and until the moment this text was written, tickets for the Omonia football match with Dinamo Zagreb were being sold, while yesterday the sale of APOEL season tickets through the page after official announcement by the Nicosia team.

See also: Microsoft for BazarCall: Initial attacks can lead to ransomware within 48 hours

Personal Data Commissioner: Will be investigated immediately

Economy Today contacted the Commissioner of Personal Data Irini Loizidou about the security gap that exists in the system, which stated that the issue will be investigated immediately after serious security gaps arise and the possibility of personal data leakage.

Also, data and recorded material of the process have been sent to the Commissioner that with 3 simple steps can intercept the personal data of the fans and be used for any purpose by anyone.

Economy Today cannot make public the documents submitted to the Commissioner due to the fact that the sensitive personal data of the users registered in the registers of the Cyprus Sports Organization are at stake, as well as the progress of the investigations.

Through the information that can be intercepted through the page, anyone can access the photo of the person who has been registered in the KOA Fan Card register simply by filling in the fields related to the ID number and the fan card number.

See also: Ransomware: Common ways hackers invade a network

Ο President and vice president of Omonia behind the company

EconomyToday, through an internet search and the GoDaddy website and the WHOIS database, records that the online name of the system belongs to the company DG Techlink, whose directors are Stavros Papastavrou and Dimitris Grigoris, who are the leaders of the Board of Omonia Football Ltd.

Specifically, on the website of the Registrar of Companies, the President of Omonia Stavros Papastavrou and the Vice President of the Board of Directors of Omonia Football Ltd are two of the three directors of DGTechlink.

It is noted that DGTechlink is the company that appears as the "designer and developer" of the official website of the Omonia football company.

It is also noteworthy that APOEL with its announcement a few days ago had stated that the responsibility of the platform lies with Hellenic Technical Enterprises.

On July 22, via twitter, the company APOEL FOOTBALL (PUBLIC) LTD informs that the delay in starting the pre-sale from the internet is due to the non-functional delivery of the internet system by Hellenic Technical Enterprises.

Source of information:

Teo Ehc
Be the limited edition.