Australian Sports Fan Portal Leaks 70 Million Records
Bigfooty, an active Australian sports fan site with over 100,000 members, has leaked 70 million records of private data.
The SafetyDetectives security team discovered multiple instances of personal private information made available to the public within the compromised server operated by BigFooty.com’s parent company Big Interest Group LLC. Led by Anurag Sen, the team discovered around 132GB of data from an Elasticsearch database including private user data and technical information relating to the company’s web and mobile sites.
The leak included data from the site’s forum such as public posts as well as private messages between users, and a proportion of the data found on the server related to anonymous users and did not include private information attributable to real people, says the report. Some of the messages, says the security team, contain explicit and what could be described as hateful, racist and offensive material that could be attributed to various users including their true identities.
Information leaked includes:
- Usernames used to access Big.Footy.com
- Passwords to live streams
- Data relating to ad spammers
- Email addresses
- Relationships between users
- Mobile phone numbers
- User comments including personal threats and racist material
- Personal information relating to real-world activities, intentions and behavior
- Password information relating to both accounts and streams hosted by BigFooty.com
- Thousands of email addresses and usernames were available on the unsecured server.
Other data was also discovered that related to the site’s internal workings, namely:
- Server information
- Operating system information
- Internal resource details
- Browser information
- Error logs
- Access logs
- IP addresses
- GPS/location data
According to SafetyDetectives, server information is showing including server status, document counts and storage capacity of various server applications. Although many user messages were available publicly, whether or not users could be identified depends on the data they shared in their correspondence. Many users shared mobile phone numbers, passwords to access other content and highly sensitive information relating to private activities.
For the full report and more information about the data breach, visit https://www.safetydetectives.com/blog/bigfooty-leak-report/