Bayern Munich reward someone with signed Thomas Müller shirt for hacking their website

Normally when you get hacked by an individual from somewhere around the world, you’d exude every negative emotion there is, right? Well in the case of Bayern Munich, they were actually happy that they got hacked. Why? Confidential information was at risk of being exposed, and this hacker helped solve that issue.

Daniel Martins, also called “Ghost”, is a Bayern Munich fan who is an expert at information security. When he checked in on Bayern’s website, he discovered configuration issues that can lead to confidential stuff such as financial information being leaked.

Photo by AMA/Corbis via Getty Images

“As soon as I found the fault, immediately, at dawn, I made a report and sent it to them”, Martins said to The Sun (via Daily Mail). “They took a while to fix it and didn’t even respond to me at first. But a journalist from Globo (Daniel Mundim) saw this fact and helped me get in touch with them. Successfully. They corrected it, and as a way of thanking me they sent me a shirt signed by the club’s biggest idol, Thomas Müller.’

Daniel went into detail on what was wrong:

“I explored and found a vulnerability of the ‘information disclosure’ type, which roughly speaking is a kind of information leak due to bad configuration. It basically occurs when a site unintentionally reveals confidential information to its users. Depending on the context, sites can leak all kinds of information to a potential attacker.”

Massive props to Daniel for helping Bayern out. Shame he couldn’t hack into the players and turn them into prime 2019-20 Bayern, would’ve done us good.