BigFooty[dot]com, the largest Australian Football League (AFL) forum in the world, recently exposed one of its unsecured Elasticsearch databases online, leaking more than 70 million users’ records.
Last week, a team of researchers led by Anurag Sen at SafetyDetectives discovered the compromised 132GB database online. It was being operated by BigFooty.com’s parent company, Big Interest Group LLC, to store private user data as well as technical information relating to BigFooty.com’s web and mobile sites.
“The database contains around 70 million records, including usernames and passwords, email addresses, mobile phone numbers, as well as private messages revealing more critical details,” a SafetyDetectives spokesperson told QuickCyber.
During further investigation, the researchers also found data related to the site’s internal workings, including server information, OS information, internal resource details, browser information, error logs, access logs, IP addresses, and GPS/location data.
“The leak included data from the site’s forum such as public posts as well as private messages between users,” reads the report by SafetyDetectives. “Although many user messages were available publicly, whether or not users could be identified depends on the data they shared in their correspondence. Many users shared mobile phone numbers, passwords to access other content and highly sensitive information relating to private activities.”
Researchers at SafetyDetectives informed BigFooty about the leak, but after receiving no response from the BigFooty team, they contacted Amazon AWS (the service provider) and the Australian Cyber Security Centre.
The Australian Cyber Security Centre then took down the exposed servers immediately.
The Impact Of This Data Breach
The data leaked in this breach included sensitive information such as chat transcripts, email IDs, and phone numbers of high-profile users, including Australian police officers and government employees. It could allow hackers to potentially blackmail any victim or cause reputational damage very easily.
“Technical server data and user conversations could be leveraged to obtain further information and, therefore, empower malicious hackers to compromise the server and its users,” said the researchers.
“In terms of website vulnerability, by compromising BigFooty’s server, hackers obtain data that could help compromise other sister sites such as BigCricket.com,” the researchers concluded in the report.