GP Blog reports:
An FIA website containing sensitive information and documents relating to drivers, including Max Verstappen, has been hacked.
Whilst this was not a malicious hacking attempt, the hackers were able to access sensitive personal information of any driver they chose.
The FIA’s Driver Categorisation website contains the details of almost 7,000 drivers.
The hackers, who breached the website in June, have stated they neither accessed nor retained sensitive information relating to anyone found through the hack and reported their findings to the FIA immediately.
[…]
How did they do it?
The hackers were able to compromise the FIA’s Driver Catergorisation website by registering an ordinary user account, then took advantage of vulnerabilities to gain administrator privileges.
Security researcher Ian Carroll revealed: “We stopped testing after seeing that it was possible to access Verstappen’s passport, résumé, license, password hash, and PII [personally identifiable information.
“This data could be accessed for all F1 drivers with a categorisation, alongside sensitive information of internal FIA operations.
Read more at GP Blog.
