🚨 🇻🇪 Sensitive Data Exposure at the Venezuelan Football Federation (FVF)
The Venezuelan Football Federation (FVF) maintained a publicly accessible storage system that exposed sensitive information belonging to several football clubs, including:
Club licenses for teams such as Club Carabobo FC, Dynamo Puerto F.C., and Titanes FC.
COMET player registration files from Club Carabobo FC.
Tax returns and contracts.
What specific data was exposed in the COMET files?
Full names, national ID numbers, phone numbers, email addresses, and home addresses.
This vulnerability was responsibly reported on April 6 via email and through the official complaints/reporting section on the FVF website.
The exposed storage was blocked on April 17.
However, as of today, I have not received any from the FVF.
In the last few hours I've learned that the FVF is looking for human capital in cybersecurity.
If this hadn't been reported, it might still have been active and could have put players' data at risk.
