Passport details of AIFF staff, players leaked 

 Passport details of 1,138 personnel of the All India Football Federation (AIFF) were exposed due to security vulnerabilities in their official website.

Published: 17th March 2018 02:14 AM  |   Last Updated: 17th March 2018 06:42 AM   |  A+A-

Express News Service

HYDERABAD: Passport details of 1,138 personnel of the All India Football Federation (AIFF) were exposed due to security vulnerabilities in their official website.  Aadhaar data of AIFF staff and playerswere also being uploaded and accessible to public through a simple google search.The security flaw was found by French security researcher Robert Baptiste, who tweeted on Friday trying to reach out to AIFF. The federation officials, however,  downplayed the issue by calling the exposed passport details of their employees as “old data”.  

Cybercrime officials say the passport details could be misused for identity theft and taking new SIM cards.
On Friday, Baptiste tweeted requesting assistance to reach out to AIFF to alert them about a security flaw. Express then reached out to AIFF and alerted them about the security breach on the same day.The security flaw exposed passport details of 1,138 AIFF personnel, who were eligible to attend international sporting events. Federation officials refused to confirm if the data leak contained the passport details of national Indian football team. A federation official on the condition of anonymity said, “These passport details were uploaded some time ago and they are old. Our IT team has fixed the issue.” But the issue was not resolved technically.

The passport details were stored in PDF format and uploaded under the directory name passport_doc. 
“They just added another letter to the URL, it now reads ppassport_doc. Changing a file name is not fixing the issue,” said Baptiste.  “They have full address on the passports. If am a footballer I wouldn’t want my personal details available online,” he added.  Baptiste is still able to access the passport details despite AIFF’s claim that the issue was resolved.

“If someone who is not intended to access, but still accesses the information, is itself a crime,” said Ram Mohan, SP, CID Cybercrime, Hyderabad. “If someone gets access to your passport details, they can use it for identity theft, buying a new SIM card or for staying at a hotel or for using the passport details to pull off a phishing scam. People are unaware of the serious nature of data thefts and often voluntarily upload their sensitive details online,” he added.


Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on are those of the comment writers alone. They do not represent the views or opinions of or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp