FIA responds as shock security hack targets Verstappen’s private info

Michelle Foster

Max Verstappen’s private information was targeted by hackers who gained access to the FIA portal that stores data from the Formula 1 drivers, including passports and personal contact details.

But in a hack designed to expose a website’s weakness, not to steal the data, the hackers worked with motorsport’s governing body to resolve the issue, with the FIA telling PlanetF1.com that it took “immediate steps” to secure the drivers’ information.

FIA hacked: Drivers’ private information accessed

⦁ Hackers gained access to private driver information on the FIA portal
⦁ No driver data was downloaded
⦁ FIA took ‘immediate steps’ to resolve the issue

The FIA suffered a serious breach in June this year when three hackers found “a severe vulnerability” in the FIA portal.

Nagli, who bills himself as ‘Hacker’ and ‘Head of Threat Exposure at @wiz_io’, worked with Sam Curry and Ian Carroll and needed all of 10 minutes to find a way to access Verstappen’s private information.

He revealed the hack on X.

“We found a way to access Max Verstappen’s passport, driver’s license, and personal information. Along with every other Formula 1 driver’s sensitive data,” Nagli wrote.

“It took us 10 minutes using one simple security flaw.

“We were looking at the security of the whole ecosystem. That’s how we stumbled upon a severe vulnerability in a critical portal managed by the FIA that was reported and fixed in <24 hours.”

Going on to explain the steps he and his two cohorts took, Nagli revealed he could have downloaded Verstappen’s personal information, such as his passport, personal contact details, FIA correspondence and his license documents.

“Important clarification,” he insisted, “we did NOT download or save any passports or sensitive personal information.

“We validated the vulnerability existed, took screenshots for proof, and immediately stopped testing.

“All test data was deleted. No driver information was compromised by us.”

In fact, the three then worked with the FIA to resolve the issue.

“We worked with the FIA to promptly fix the issue,” he explained. “Shoutout to their team for the rapid response and taking the matter seriously.”

FIA responds to security breach

Informed by the hackers of the loophole they had discovered, the FIA was quick to respond to the breach and secure all the information.

An FIA spokesperson told PlanetF1.com: “The FIA became aware of a cyber incident involving the FIA Driver Categorisation website over the summer.

“Immediate steps were taken to secure drivers’ data, and the FIA reported this issue to the applicable data protection authorities in accordance with the FIA’s obligations.

“It has also notified the small number of drivers impacted by this issue. No other FIA digital platforms were impacted in this incident.

“The FIA has invested extensively in cyber security and resilience measures across its digital estate. It has put world class data security measures in place to protect all its stakeholders and implements a policy of security-by-design in all new digital initiatives.”

Not the first time the FIA has been hacked

This isn’t the first time the FIA has had to deal with a hack, having suffered one last year.

Hackers gained access to several email accounts, although the nature of the information and data they were able to obtain wasn’t revealed. Nor was the full scope of the hack.

The FIA did confirm to techradar.com at the time that phishing attacks resulted in “unauthorised access to personal data contained in two email accounts belonging to the FIA.

“The FIA took all actions to rectify the issues, notably in cutting the illegitimate accesses in a very short time, once it became aware of the incidents and notified the Commission Nationale de l’Informatique et des Libertés (the French data protection regulator), and the Préposé Fédéral à la Protection des Données et à la Transparence (the Swiss data protection regulator).”
