AFC Suffers Massive Data Breach, Exposing Sensitive Information of 150,000+ Members The Asian Football Confederation (AFC), the governing body for football in Asia, has reportedly fallen victim to a significant cyberattack, resulting in the exposure of highly sensitive data belonging to over 150,000 members. The breach, described by the threat actor as the "largest in football history," was advertised on the dark web marketplace PwnForums over the weekend. The leaked records allegedly include passport scans, contracts, emails, and detailed player information, with data tied to prominent clubs such as Al Nassr FC home to stars like Cristiano Ronaldo, Sadio Mané, and Marcelo Brozović. Samples posted by the attacker also revealed full legal names, dates of birth, nationalities, player positions, AFC IDs, club affiliations, match details, and venue information. Cybersecurity researchers at Dataminr warned that the combination of passport scans, verified email addresses, and contract data creates a high-risk scenario for financial fraud, contract manipulation, and targeted social engineering attacks against high-profile athletes. The threat actor, identified as a "forum-level operator," claimed assistance from the notorious ShinyHunters group to lend credibility to the leak, though no direct affiliation was confirmed. As of the latest reports, the AFC has not issued an official statement regarding the breach. The incident underscores the growing threat to sports organizations and the potential for cybercriminals to exploit stolen data for malicious purposes.