Particle.news
Download on the App Store
16 ARTICLES
·
15h ago

FIA Confirms Driver Data Breach After Researchers Gained Admin Access to Driver Categorisation Portal

The federation says the issue was fixed in June with notices to affected drivers and regulators.

Max Verstappen had his details exposed in a cyber attack on the FIA. Image: XPB Images
Verstappen was among the drivers targeted
Max Verstappen, Red Bull, Circuit of the Americas, 2025
Hacking Formula 1: Accessing Max Verstappen's passport and PII through FIA bugs

Overview

  • Security researchers Ian Carroll, Gal Nagli and Sam Curry escalated a normal account to administrator by exploiting a mass-assignment flaw that accepted client-set role fields.
  • Admin access exposed passports, licences, contact details, internal correspondence and password hashes across a database covering nearly 7,000 drivers, including top F1 names.
  • The site was taken offline on June 3 following the report, and a comprehensive fix was deployed by June 10 in collaboration with the researchers.
  • The FIA states no other digital platforms were affected and that only a small number of drivers were directly impacted, who have been notified.
  • The researchers say they did not download or retain sensitive documents and disclosed the findings publicly this week, leading to an FIA confirmation at the Mexico City Grand Prix.