#Privacy: AFL fan website leaks 132GB of private data

A compromised server belonging to Australian sports fan site has compromised the personal information of over 100,000 members.

Researchers from SafetyDetectives explained it had discovered 132GB of data leaked from an Elasticsearch database belonging to BigFooty.com, an AFL Australian Rules Football forum. 

According to SafetyDetectives, approximately 70 million records were leaked including usernames, passwords to live streams, data relating to ad spammers, email addresses, relationships between users, mobile phone numbers and more. 

Additionally, data related to the site’s internal network, namely server information, operating system information, internal resource details, browser information, error logs, GPS/location data, access logs, and IP addresses, were also exposed. 

Private messages, chat transcripts and email addresses were also found on the database, subsequently putting many users at risk of potential blackmailing and reputational damage. 

Although the majority of usernames, passwords and identities were not matched, there still remains a risk that the leaked information could be exploited and utilised to committing identity fraud.

After reaching out to BigFooty and not receiving a response, researchers reached out to Amazon Web Services and the Australian Cyber Security Centre (ACSC), to which ACSC were quick to reply and shortly after, the servers were closed. 

Big Interest Group LLC, parent company to BigFooty told Fox Sports: “We are incredibly embarrassed that this has happened in our system, which has remained secure for over 20 years.”


Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.