Skip to content

Asian Football Confederation and 6 clubs suffer major data breach

  • by
  • 2 min read

The Asian Football Confederation (AFC) and six football clubs have reportedly suffered a significant data breach, exposing sensitive personal information. A threat actor, Ddarknotevil, has claimed responsibility for the attack, alleging that the compromised data includes full names, passport details, dates of birth, and nationalities of individuals associated with the AFC.

The hacker claimed that the attack occurred on March 25. The stolen database contains records of 69,508 players, 24,745 team officials, 81,827 coaches, and 3,200 referees, along with information on high-profile individuals.

The leaked details reportedly include AFC ID numbers, passport numbers, and other sensitive identification data.

The breach extends beyond the AFC, with the attacker also asserting they have accessed data from several high-profile football clubs, including Al-Sadd (Qatar), Al-Ahli (Saudi Arabia), Al-Ain (UAE), Al-Hilal (Saudi Arabia), Al-Nassr (Saudi Arabia), and Persepolis FC (Iran).

The hacker claims to have obtained full contracts, passports, and contact information of individuals associated with these clubs.

In the breach post, the hacker alleges that AFC ignored their attempts to establish contact and now offers the stolen database for sale, accepting cryptocurrency (XMR) as payment. They also emphasise that escrow is required for the transaction, warning potential buyers to be cautious of scammers.

If confirmed, this breach could be detrimental to the players, officials, and coaches. This information is quite valuable for scammers, other threat actors, or even other clubs.

Recently, a hacker named Blinkers claimed to have breached Cricadda, a platform associated with online gaming and betting in India and other countries. Other breaches include GrubHub, OpenAI, BC Jindal Group, OmniGPT, SkilloVilla, and CHC data, among others.

In India and Brazil, major government websites have faced data breaches recently. For instance, in January 2025, the Brazilian Finance Ministry faced a cyber attack exposing sensitive financial data.

In the News: Microsoft starts naming miscreants in its AI service abuse lawsuits

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me

Related Reads

This is an image of phishing featured storyblocks

Cybercrime group rolls out major updates for on sale phishing tool

This is an image of scam call featured 1

China jails 9 for scamming over 66,000 Indians

What is a hack? 9 different types of hackers you must know about

SpyNote malware targets users through fake android apps

This is an image of meta fb oculus workspace whatsapp messenger instagram

Ex-employee reveals Meta offered US user data to enter China

This is an image of wordpress featured 9924

WordPress plugin with over 100,000 installations under active exploitation

This is an image of microsoft featured 13211

Microsoft 365 Family users denied service due to licensing glitch

  • by
  • In News
>