Taking a loan for a world star has become easier.
In the football world, a loud scandal is brewing, which can hit not only clubs, but also at the players themselves. In the network there was a statement about a large data leak, which affected the Asian football confederation and the Saudi club Al Nassr.
On April 27, 2026, an unknown person posted a message on the publication of a database on a hacker forum, which, according to him, contains more than 150 thousand records. We are talking about the passports of players and coaches, contracts, e-mail addresses and registration data of tournaments. The author claims that the distribution of data involved the group ShinyHunters and calls the incident the largest leak in the history of football.
The situation makes the proximity of the 2026 World Cup especially dangerous, which starts on June 11. The tournament involves the national teams of the Asian Confederation, which means that the leaked data can directly apply to current players and officials. The database allegedly contains not only contact information, but also scans of passports, including diplomatic documents.
The data mentions full names, numbers and copies of passports, dates of birth, citizenship, clubs, positions on the field and the parts of the matches. Such information allows not only to identify a person, but also to build complex fraudulent schemes.
Particular risk is related to financial transactions. Contracts reveal salaries, terms of transition, agent data and bonuses. In combination with confirmed e-mail addresses, such information opens up the possibility for convincing BEC-attacks with the substitution of business correspondence. Fraudsters can pretend to be agents or representatives of clubs and require transfers under the guise of payments or transfers.
There is another side of the problem. Full copies of passports together with personal data allow you to open accounts, issue loans or create fake identities. For well-known players with large incomes, such a scenario is especially sensitive. The author of the publication, judging by the style of the message, is familiar with the football environment and even tries to foment disputes among fans. At the same time, the main motive looks quite pragmatic - money, although attempts to hit the reputation of football structures are not excluded.
The incident is superimposed on recent problems within the Asian confederation itself. In March, the organization was already in the spotlight due to the story of fake passports from the players of the national team of Malaysia. In parallel, Al Nassr was involved in the disputes over the management of the league in Saudi Arabia.
Football organizations are generally vulnerable. Clubs and federations actively use third-party services to register players, transfers and contract management. Each such integration can become the entry point to attack.
Against the background of leakage, federations and agents should reconsider the approach to data protection. Verification of document repositories, restriction of access, control of third-party services and additional verification of financial transactions through alternative channels become necessary. Particularly carefully will have to work in the summer transfer window, when the volume of transactions traditionally reaches a peak.
Players and coaches in such a situation better monitor banking operations and exercise caution with any emails related to money or contracts. Even one convincing letter can be too expensive.
In the football world, a loud scandal is brewing, which can hit not only clubs, but also at the players themselves. In the network there was a statement about a large data leak, which affected the Asian football confederation and the Saudi club Al Nassr.
On April 27, 2026, an unknown person posted a message on the publication of a database on a hacker forum, which, according to him, contains more than 150 thousand records. We are talking about the passports of players and coaches, contracts, e-mail addresses and registration data of tournaments. The author claims that the distribution of data involved the group ShinyHunters and calls the incident the largest leak in the history of football.
The situation makes the proximity of the 2026 World Cup especially dangerous, which starts on June 11. The tournament involves the national teams of the Asian Confederation, which means that the leaked data can directly apply to current players and officials. The database allegedly contains not only contact information, but also scans of passports, including diplomatic documents.
The data mentions full names, numbers and copies of passports, dates of birth, citizenship, clubs, positions on the field and the parts of the matches. Such information allows not only to identify a person, but also to build complex fraudulent schemes.
Particular risk is related to financial transactions. Contracts reveal salaries, terms of transition, agent data and bonuses. In combination with confirmed e-mail addresses, such information opens up the possibility for convincing BEC-attacks with the substitution of business correspondence. Fraudsters can pretend to be agents or representatives of clubs and require transfers under the guise of payments or transfers.
There is another side of the problem. Full copies of passports together with personal data allow you to open accounts, issue loans or create fake identities. For well-known players with large incomes, such a scenario is especially sensitive. The author of the publication, judging by the style of the message, is familiar with the football environment and even tries to foment disputes among fans. At the same time, the main motive looks quite pragmatic - money, although attempts to hit the reputation of football structures are not excluded.
The incident is superimposed on recent problems within the Asian confederation itself. In March, the organization was already in the spotlight due to the story of fake passports from the players of the national team of Malaysia. In parallel, Al Nassr was involved in the disputes over the management of the league in Saudi Arabia.
Football organizations are generally vulnerable. Clubs and federations actively use third-party services to register players, transfers and contract management. Each such integration can become the entry point to attack.
Against the background of leakage, federations and agents should reconsider the approach to data protection. Verification of document repositories, restriction of access, control of third-party services and additional verification of financial transactions through alternative channels become necessary. Particularly carefully will have to work in the summer transfer window, when the volume of transactions traditionally reaches a peak.
Players and coaches in such a situation better monitor banking operations and exercise caution with any emails related to money or contracts. Even one convincing letter can be too expensive.
