Aston Villa Football Club Exposes 135,770 Fans’ Personal Information in AWS S3 Bucket Leak

Aston Villa Football Club (AVFC) has recently come under scrutiny after a publicly leaking Amazon Web Services (AWS) S3 bucket was discovered, containing the personally identifiable information of 135,770 individuals. The exposed data includes full names, dates of birth, home addresses, phone numbers, email addresses, membership details, and purchase details.

The Cybernews research team uncovered the leak on March 13th, 2024, and identified 5842 exposed CSV files containing member records. This breach has left AVFC fans vulnerable to spear phishing, social engineering attacks, and identity theft attempts.

Cybersecurity experts have warned that the exposure of such sensitive information poses severe risks to the club’s fans. The leaking bucket, labeled “prod,” indicates that it may have been used to store operational and production data for AVFC.

While the bucket has since been secured, it remains unclear what caused the leak and whether any unauthorized parties accessed the data. Aston Villa Football Club, founded in 1874 and based in Birmingham, England, competes in the Premier League and has recently qualified for the Champions League.

To mitigate the risks posed by this data breach, cybersecurity researchers recommend encrypting sensitive data and modifying access settings. They also advise monitoring access logs and notifying Data Protection Authorities if the bucket has been compromised.

AVFC fans are urged to remain vigilant against potential phishing attacks and to practice good cyber hygiene to protect themselves from further security threats. The club has yet to respond to inquiries regarding the incident.