The leaked information from Sportadmin, which has over a million Swedish users, risks being sold on or used to harm society. The app has been down for two days following the cyber attack.
– They want to survey our society, be able to influence us, and in the worst case even harm us, says Marcus Murray, cyber security specialist.
The cyber attack occurred on Thursday, by an external and unknown actor.
Sportadmin, is used by around 1,700 sports associations in the country and has over a million children and adults as members. It is used, among other things, to administer training opportunities and association information.
The data breach led to the system being shut down completely for two days.
The father: “Concern in the ranks”
Data has been leaked in connection with the cyber attack, but what and how much is unknown. In addition to parents and young people being bothered by not being able to get information about training and matches in the app, the attack has caused concern.
One user is Tore Berglund from Stockholm, who is the father of children who play soccer.
– We don’t yet know what has leaked. There is some concern in the ranks. It is sad that someone exposes us to this and leaks information that they can use for other purposes, he says.
Expert: “They want to map our society”
Since this attack involves an unknown actor, probably professionally coordinated, there are high risks with the data leak. That’s according to Marcus Murray, cybersecurity specialist at Truesec.
– There are antagonistic states that collect information about our citizens. They want to survey our society, be able to influence us, and in the worst case even harm us, he says.
The leaked information can very well be sold on, says Marcus Murray. It is also serious if an actor who wants to harm Swedish society comes across large amounts of information.
– We see a trend where the threat actors collect more data. And then you run it together, and then you make very interesting mappings. Then you can carry out very problematic influence operations, or attacks, says the cyber security specialist and continues:
– An attack that happened a short time ago concerned a company where location data was taken. In this way, you could see which people and phones were in a certain place. An example was that you can see exactly who is in a certain defense facility. It’s very sensitive.
The app works again: “Safe environment”
On Saturday night, the app is working again for iPhone users.
According to Jennie Everhed, communications manager at Lime Technologies (parent company of Sportadmin), it is safe to use the app.
– It is a completely new and safe environment. Those who have an iPhone, which is the majority of users, can use the app again, she says.
As a security measure, all managers will be required to change their password, the company writes on its homepage.