West Ham ‘accidentally leaked supporters’ details – including phone numbers and home addresses – after a technical error on the club’s website’ with experts claiming fans could be exposed to cyber attacks
- West Ham United inadvertently displayed personal data of fans on its website
- The issue saw names, dates of birth, addresses and numbers leaked this month
- The technical error occurred after fans attempting to log onto ticketing system
- Security experts claimed supporters could be vulnerable to phishing attacks
West Ham United inadvertently leaked details of supporters – including names, home addresses and phone numbers – on their official website after a ‘technical error’ while accessing the ticketing system, reports claim.
Fans attempting to log on to the club’s ticketing system earlier this month were greeted with several error messages, with some shown personal details of supporters, according to Forbes – potentially leaving them at risk of phishing attacks.
Some supporters were greeted with a message from Drupal – a web platform – that read ‘Drupal already installed’, while others were able to see the names, dates of birth, email addresses and phone numbers of fans.
West Ham fans had their details inadvertently leaked on the club’s website, reports claim
Security experts believe the issue was ‘an internal error’ which could have caused ‘further potential problems’ for supporters.
Jake Moore, of security firm ESET, told Forbes: ‘This is likely to have been an internal error which took the club by surprise, but now with account holders seeing other people’s personal information, there could be further potential problems.
‘Not only could this arise in a GDPR issue, it seems like it would be difficult to know who has seen what information and they could be potentially at risk of future targeted phishing emails. I would suggest anyone with an account to remain vigilant to any emails requesting further details.’
The club insisted that it had worked with its service provider and that the issue was resolved
There is no suggestion that payment details – such as credit card numbers – have been exposed.
West Ham said it had worked with the service provider and that the issue had been quickly resolved.
‘We are aware there was a technical issue when signing into online accounts this morning. We worked with our third-party service provider and they have already resolved this issue.’
The club declined to comment further when approached by Sportsmail.
Sportsmail understands the issue was triggered due to a third party service provider making technical alterations to the site – with the club conducting a review of the problem and implementing further security measures, while those affected have been contacted.
Football clubs are attempting to beef up their security amid the threat of future cyber attacks
Manchester United were targeted by hackers last year, who demanded cash to release their grip on the club’s systems
Football clubs have been wary of cyber attacks in recent months after Manchester United fell victim to a hack in November.
Top secret data at United had fallen into the hands of a ‘organised cyber criminals’, who attempted to hold the club to ransom for millions of pounds.
The club eventually saw off the threat – which is believed to have originated from an email phishing scam – leading to clubs attending a cyber security summit in January to protect themselves against future attacks.
Last week Leeds United decided to beef up their security amid the threat of cyber criminals breaching their systems – commissioning Barracuda Networks to secure email systems and defending against ransomware.
Liverpool have also been victims of hackers in recent years, while an EFL club was hit with a £5m demand in 2020.