West Ham Supporters’ Personal Details Leaked on Club Website
English Premier League football club West Ham United appears to have accidently leaked personal data of supporters on its official website, potentially leaving fans exposed to phishing attacks.
As reported today by Forbes, multiple details of fans including full names, dates of birth, telephone numbers, address and email address were displayed when supporters attempted to log into their accounts on the club’s ticketing website.
The article stated that the official club website showed several error messages earlier today, including an admin message stating “Drupal already installed.” After the author created an account on the site and re-logged in with their credentials, the personal details of another West Ham supporter were displayed. A number of West Ham supporters reported similar experiences on the fans forum site KUMB.
In a statement, the club confirmed that the issue has now been resolved, with a spokesman saying: “We are aware there was a technical issue when signing into online accounts this morning. We worked with our third-party service provider and they have already resolved this issue.”
There is currently no suggestion that credit card or any other payment details have been exposed.
Cybersecurity experts believe it is likely the problem was caused by an internal error.
Javvad Malik, security awareness advocate at KnowBe4, commented: “All organizations of all sizes and in all verticals need to foster a culture of cybersecurity so that all aspects of security and design are taken into account. The leak at West Ham United is likely down t ..