Security Vulnerabilities in FIA Driver Platform Exposed Formula 1 Drivers' Personal Data
By galnagli
Summary
Security researchers discovered vulnerabilities in the FIA's Driver Categorisation platform that allowed unauthorized access to sensitive personal information of Formula 1 drivers, including Max Verstappen's passport data and password hashes. The researchers attended F1 cybersecurity events and decided to test the security of supporting websites, finding critical flaws in the official FIA system that exposed driver PII.
Key quotes
Companies like CrowdStrike and Darktrace spend millions of dollars sponsoring teams, while others like Bitdefender have official partnerships to be a racing team's cybersecurity partner.
We found vulnerabilities in the FIA's Driver Categorisation platform, allowing us to access PII and password hashes of any racing driver with a categorisation rating.
Having been able to attend these events by hoarding airline miles and schmoozing certain cybersecurity vendors, Gal Nagli, Sam Curry, and I thought it would be fun to try and hack some of the different supporting websites.
