Bigfooty.com, an online platform dedicated to “all things Australian football league,” has admitted a data breach that affects a portion of its userbase of roughly 100,000 people. The exposure involves 70 million records, totaling 132GB of data. The incident wasn’t published by the platform itself, as the discovery came from cybersecurity researcher Anurag Sen, who claims that the data seem to have been sourced over the previous month. That said, Bigfooty either didn’t realize the data breach when it happened or chose to keep it a secret, hoping that nothing would appear on the dark web.
The type of data that has been exposed includes private messages of users, with full details like timestamps and usernames. Some of these messages exchange racist or threatening comments, so they can be used for targeted extortion or scamming. The researcher who analyzed chunks of this data figured that there are quite a few Australian government employees and high-ranking police officers who have engaged in these conversations. These users will soon be magnificent targets for blackmail and coercion since they have exposed themselves as appalling racists, and so, their public image is now on the line.
Other details that have leaked include email addresses, mobile phone numbers, passwords, and various sensitive personal information. That said, the possibility of identity theft and fraud are also thrown in the mix. Due to the severity and the potential consequences of the incident, the Australian Cyber Security Centre felt that it needed to issue a statement through a spokesperson. The representative said that the scenario of actual data exfiltration hadn’t been confirmed with absolute certainty yet, so this may have been mere file access. The case will also go to the Office of the Australian Information Commissioner for further review.
In the meantime, BigFooty informed the users about the breach and requested everyone to reset their credentials. The platform clarified that the incident only affects users who have posted sensitive information on forums and private conversations that were subject to any form of restrictive access. The website operator identified the problem as an unsecured port and fixed it on May 14, 2020.
If you are a BigFooty user who shared information like phone number, real name, bank account details, or anything that one shouldn’t have on any place on the platform, go ahead and take the appropriate protective action now. Those who like to engage in threatening and racist conversations on private one-on-one rooms, trying to degrade or intimidate others, deserve being exposed since this is a detestable practice, and they kind of had it coming.