Ajax suffers major own goal as data breach hits personal info of 300,000 fans

One-sentence headline summary

Dutch football club Ajax Amsterdam has confirmed a data breach after an ethical hacker exposed a vulnerability in its mobile application affecting approximately 300,000 fan accounts.

Key points

  • An ethical hacker demonstrated that a flaw in the Ajax app allowed unauthorized access to personal data and account manipulation.
  • The vulnerability enabled the unauthorized transfer of match tickets and the removal of stadium bans for restricted individuals.
  • Ajax confirmed that the breach exposed email addresses and, in some cases, the birth dates of stadium-banned fans.
  • The club has patched the identified security vulnerabilities and notified the Dutch Data Protection Authority and local law enforcement.
  • Affected individuals have been warned to remain vigilant against potential phishing attempts resulting from the exposed information.

Why it matters

This incident highlights the significant security risks posed by vulnerabilities in consumer-facing mobile applications, particularly when they manage sensitive personal data and physical access credentials. The breach underscores the necessity for rigorous security testing to prevent unauthorized account manipulation and potential safety threats at large-scale public venues.

TechRadar Published by Sead Fadilpašić