HYDERABAD: Passport details of 1,138 personnel of the All India Football Federation (AIFF) were exposed due to security vulnerabilities in its official website. Aadhaar data of AIFF staff and players was also being uploaded and was accessible to the public through a simple Google search. The security flaw was found by French security researcher Robert Baptiste, who tweeted on Friday. The federation officials, however, downplayed the issue by calling the exposed passport details of their employees “old data”. Cybercrime officials say the passport details could be misused for identity theft and for obtaining new SIM cards.
On Friday, Baptiste tweeted requesting assistance in reaching out to AIFF to alert them about a security flaw. Express then reached out to AIFF and alerted them about the security breach. The security flaw exposed passport details of 1,138 AIFF personnel. Federation officials refused to confirm whether the data leak contained the passport details of the Indian national football team.
A federation official, speaking on condition of anonymity, said, “These passport details were uploaded some time ago and they are old. Our IT team has fixed the issue.” But technically, the issue was not resolved. The passport details were stored in PDF format and uploaded under the directory name passport_doc. “They just added another letter to the URL, it now reads ppassport_doc. Changing a file name is not fixing the issue,” said Baptiste. Baptiste is still able to access the passport details despite AIFF’s claim that the issue was resolved.