AFC Ajax drops ball as flaws let hackers play admin with tickets and bans

Vulns in Dutch football club's systems didn't just expose data – they let outsiders play with accounts, and even lift stadium bans

Dutch football giant AFC Ajax has admitted to a data breach after an attacker gained access to its internal systems, in an incident that looks less like a stray pass and more like the gates left wide open.

The club says a "hacker in the Netherlands" exploited vulnerabilities to access parts of its systems, viewing email addresses of a few hundred people and limited personal data tied to fewer than 20 supporters with stadium bans. Ajax says it patched the holes, notified regulators, and has "no indication" the data has spread further.

That's the scoreboard Ajax wants to show. The match report from RTL News looks more like a game where the defense stayed in the locker room.

RTL's investigation found that by poking at ...