Football

Argentine Football Association hit by massive data breach after developer’s infected PC

A single infostealer compromised credentials, leading to database leaks, mass spam, and a shadowy sale of AFA subdomains

The Argentine Football Association, known by its Spanish acronym AFA, confirmed that a coordinated cyber‑attack forced the suspension of several of its online services earlier this month. The incident, traced to a compromised developer workstation, exposed a trove of internal data and raised alarms across the sports community.

According to investigators, the breach originated on September 8, 2025, when malware of the infostealer family infected a computer used by a software developer employed by the federation. The malicious code harvested login details that had been dormant for months, storing them in hidden logs that later fell into the hands of a cyber‑criminal group.

Armed with those credentials, the attacker escalated privileges and accessed critical administration panels, including phpMyAdmin interfaces hosted on afa05‑new.afa.org.ar and acreditaciones.afa.com.ar. From there, the intruder extracted database dumps, posted portions of the data on public forums, and leveraged the stolen information to craft mass‑mail campaigns that appeared to originate from genuine AFA domains.

The fallout and the hunt for control

The leaked records revealed personal email addresses, phone numbers, user roles and hashed passwords belonging to staff, officials and partners. Beyond the immediate reputational hit, the breach opened a marketplace for subdomains tied to the federation, with the hacker reportedly negotiating sales on illicit forums. Security analysts warn that the episode underscores how a single, unchecked infection can cascade into a systemic crisis for a high‑profile organization.

The episode serves as a stark reminder for sports bodies and other institutions that proactive monitoring of credential health, rapid detection of anomalous activity, and robust incident‑response planning are essential defenses against modern infostealer threats.

Published by SocketNews.com powered news Editorial Team Structured news coverage generated from verified editorial data fields. About Editorial Policy Contact