Olympique Marseille Hit by Cyberattack, Data Leak Confirmed
▼ Summary
– Olympique de Marseille confirmed it was the target of a cyberattack after a threat actor claimed to have breached its systems.
– The threat actor leaked a sample of allegedly stolen data, claiming it includes a database of staff and supporter information.
– The club stated the attack was quickly contained, normal operations continue, and no banking details or passwords were compromised.
– The threat actor claims the stolen data includes details on 400,000 individuals and over 2,050 Drupal CMS accounts.
– The club has reported the incident to authorities and advised supporters to remain vigilant against phishing attempts.
A major French football institution has confirmed it was the target of a significant cyberattack, following online claims by hackers who leaked a sample of allegedly stolen data. Olympique de Marseille, a historic club with a massive global fanbase, stated that its technical teams quickly mobilized to control the situation, ensuring all operations continue normally and securely. The club reassured supporters that sensitive financial information and passwords remain uncompromised, though investigations into the full scope of the incident are ongoing.
The attack came to light after a threat actor posted on a hacking forum, boasting of a breach into some of the club’s servers earlier this month. This individual claimed to possess a database containing information on approximately 400,000 individuals, including names, physical addresses, order details, email addresses, and mobile phone numbers. The leaked sample was presented as proof of the intrusion.
In an official statement, the club addressed the incident within the context of a troubling rise in cyberattacks targeting large organizations both in France and internationally. “Thanks to the immediate mobilization of our technical teams and specialized service providers, the situation was quickly brought under control,” the statement read. It further emphasized that daily activities are proceeding under complete security while forensic work continues.
Beyond the alleged trove of supporter and staff data, the hacker also asserted that the breach compromised over 2,050 Drupal content management system accounts. This batch reportedly includes access for 34 club staff members and an additional 1,770 contributors and moderators. On the forum, the threat actor advertised the sale of the “dump,” referencing the club’s iconic status, its online merchandise boutique, and its extensive membership programs.
While Olympique de Marseille has not yet independently verified the extent of the data breach claimed by the hacker, the organization has taken serious procedural steps. The club has formally reported the incident to the French data protection authority (CNIL) and filed a legal complaint with authorities. Supporters have been advised to exercise increased vigilance against potential phishing attempts and to report any suspicious communications.
This cybersecurity event follows another recent incident within French football. Last November, the French Football Federation (FFF) disclosed a separate data breach where attackers accessed administrative management software used by various clubs through a compromised account. A spokesperson for Olympique de Marseille was not immediately available for further comment on the current situation.
(Source: Bleeping Computer)
