Reveal The Personal Details Of Over Two Million Users Reveal The Personal Details Of Over Two Million Users

By | September 1, 2011 at 12:30 pm | 2 comments | General | Tags: ,

With the start of the English Premier League now behind us the race has been on to capture sign ups to fantasy football leagues by many organisations including Sky Sports, The Sun and the official fantasy football of the Premier League.

I’ve been using the official Premier League for over 4 years now (with over 2 million other players) and during my usual recycling of passwords I was unable to access my account and I have had to request a new password. I’ve been unable to receive these despite direct emails to their support group and countless retries. During this time I was trying to find ways to at least access my team so I could create a new team and I discovered a flaw in the recent redesign of the Premier Leagues Fantasy Football website – a redesign that didn’t exactly go off without a hitch!.

Access Users Real Names

As part of the sign up process you are asked to create a team name and join leagues that are organised by companies, organisations and friends alike. When you join a league you allow your name to be seen by others in that league. Unfortunately you are able to see the names of other users of in other leagues – even without an account!

An example of a Fantasy Football league showing real names of users

An example of a Fantasy Football league showing real names of users

By following a specific URL (e.g. you can access any league currently setup on and gain access to the personal names by changing the league ID.

The’s privacy policy (which you cannot link to on their new website strangely enough) states:

8. Any personal information which you submit will be controlled in accordance with The Premier League’s privacy policy and all UK legislation governing the same. For the avoidance of doubt, we will not disclose your personal information to any other Player unless a) this is restricted to those details in clause 19-20, or b) if we are required to do so by a competent authority or court within the United Kingdom.

Despite the above clause you can quite clearly gain access to personal information.

19. The winners’ names will be published on the Site by the 28th day of the month following the month in respect of which the Monthly Prize is awarded in respect of winners of Monthly Prizes and by Friday 22nd June 2012 in respect of the winner of the Winner’s Prize; or alternatively winner’s names can be obtained by sending a stamped self-addressed envelope to Fantasy Premier League, The Premier League, 30 Gloucester Place, London W1U 8PL.

20. Subject always to terms 30-34 below, Players’ names and addresses and the winners’ photographic images and their comments relating to any Prize may be used without limitation for future promotional, marketing and publicity purposes of The Premier League in any and all media worldwide without notice to them and without any fee being paid.

It’s not a full-blown privacy leak, but when coupled with the team names of certain users, it could be embarrassing given the questionable nature of some of the team names involved.

About the Author

Kev Strong

Kev Strong is an online marketing consultant at Newcastle Upon Tyne based digital marketing agency, Mediaworks. A lover of all things search and an ex-web developer, Kev Strong (a.k.a Goosh) is a specialist in advanced search engine optimisation.


  1. Al Bargera (10 years ago)

    Interesting article, you know what else is a major privacy leak? The Phonebook.

    Seriously, an open directory with peoples names coupled with idiotic team names can not be considered a privacy issue at all.

    • Kev Strong (10 years ago)

      Thanks for the comment. Whilst the phonebook does indeed list names, at least it does it without breaking the privacy policy of your telephone supply contract.