Friday, September 23, 2022 – Bayern Munich fan Daniel ‘Ghost’ Martins has been rewarded by the German Bundesliga champions after hacking into the club’s website and revealing security flaws to the club.
Martins, an expert in information security, opted to check the website of his beloved side to ‘somehow help the team’. He quickly found that there were configuration issues, and that confidential data including financial information was at risk of being exposed.
He reported his findings to the club, and after initially not receiving a response, he finally got a reply as Bayern thanked Martins by sending him a signed Thomas Muller shirt.
‘As soon as I found the fault, immediately, at dawn, I made a report and sent it to them,’ Martins told The Sun.
‘They took a while to fix [it] and didn’t even respond to me at first.
‘But a journalist from Globo (Daniel Mundim) saw this fact and helped me get in touch with them. Successfully.
‘They corrected it, and as a way of thanking me they sent me a shirt signed by the club’s biggest idol, Thomas Muller.’
Martins then went into further detail on exactly what the issue was that he discovered.
‘I explored, and found a vulnerability of the ‘information disclosure’ type, which roughly speaking is a kind of information leak due to bad configuration,’ he added.
‘Basically it occurs when a site unintentionally reveals confidential information to its users. Depending on the context, sites can leak all kinds of information to a potential attacker.’
0 Comments