What is Ethical Hacking and Why It Matters in 2026
Ethical hacking, also known as white-hat hacking, involves security experts intentionally probing computer systems for vulnerabilities with the owner's consent to identify weaknesses before malicious actors can exploit them. In a concerning development that has sent shockwaves through the cybersecurity community, Dutch football club Ajax Amsterdam has filed criminal charges against ethical hacker Abdoul Rasnab, who discovered critical data breaches in the club's systems in both 2017 and 2025. This unprecedented legal action against a white-hat hacker threatens to undermine the responsible disclosure framework that protects millions of users worldwide.
The Ajax Data Breach Timeline: From 2017 to 2025
The current controversy stems from two separate security incidents at one of Europe's most prestigious football clubs. In 2017, Rasnab discovered a vulnerability in Ajax's ticketing system that allowed access to customer and employee data, including information about club legend Sjaak Swart. According to documents obtained by BNR, the club forced Rasnab to sign a non-disclosure agreement with then-director Edwin van der Sar, effectively burying the breach.
In 2025, Rasnab discovered another critical vulnerability, this one affecting over 300,000 fans and 42,000 season tickets. The security flaw in the Ajax app allowed unauthorized access to personally identifiable information (PII) and enabled manipulation of accounts to transfer season passes and match tickets. 'This is exactly why we need ethical hackers,' says cybersecurity expert Lisa de Wilde. 'The same vulnerability could have been discovered by someone with malicious intent, potentially causing far greater damage.'
How Ethical Hacking Protocols Work
Responsible disclosure follows specific guidelines that ethical hackers must adhere to:
- Obtain permission before testing systems (when possible)
- Use the least intrusive methods to demonstrate vulnerabilities
- Report findings directly to the organization
- Maintain confidentiality until issues are resolved
- Avoid accessing or copying sensitive data unnecessarily
The Dutch government's official cybersecurity framework explicitly encourages responsible disclosure through the National Cyber Security Centre (NCSC), offering legal protection for researchers who follow established protocols.
The Legal and Ethical Dilemma: Prosecution vs. Protection
Ajax's decision to file charges against Rasnab represents a dangerous precedent that could have chilling effects on cybersecurity research worldwide. 'At the moment ethical hackers are prosecuted, a worrying situation arises in my opinion,' warns De Wilde. 'Ethical hackers will become afraid and may be less likely to do this work. With all the consequences that entails.'
Cybersecurity experts argue that organizations should be grateful when white-hat hackers identify vulnerabilities before criminals do. The alternative—undiscovered security flaws remaining in systems—poses far greater risks to consumer data and organizational integrity. Similar to how data breach notification laws have evolved globally, legal frameworks need to adapt to protect ethical researchers acting in good faith.
Comparison: Ethical vs. Malicious Hacking
| Ethical Hacking | Malicious Hacking |
|---|---|
| Seeks permission when possible | Operates without authorization |
| Reports vulnerabilities responsibly | Exploits vulnerabilities for gain |
| Protects user data during testing | Steals or compromises data |
| Works to improve security | Seeks to damage systems |
| Follows responsible disclosure | Conceals activities |
Impact on Global Cybersecurity Practices
The prosecution of ethical hackers threatens to reverse years of progress in cybersecurity collaboration. Organizations that punish researchers who identify vulnerabilities create disincentives for the very people who could help prevent catastrophic breaches. 'These are people who often search for vulnerabilities in their free time to prevent impact on society,' emphasizes De Wilde, highlighting the voluntary nature of much ethical hacking work.
The case also reveals broader issues in how organizations handle cybersecurity. Many companies still don't take digital security seriously enough, reacting defensively rather than gratefully when vulnerabilities are exposed. This defensive posture can lead to covering up breaches rather than addressing them transparently—a practice that ultimately harms consumers and erodes trust.
Frequently Asked Questions About Ethical Hacking
What is the difference between ethical hacking and illegal hacking?
Ethical hacking involves identifying security vulnerabilities with permission or through responsible disclosure to help organizations improve their security. Illegal hacking involves unauthorized access with malicious intent.
Are ethical hackers protected by law in the Netherlands?
The Dutch government's responsible disclosure policy provides guidelines and some protection for researchers reporting vulnerabilities in government systems, but private organizations like Ajax are not bound by these same protections.
What should organizations do when ethical hackers report vulnerabilities?
Organizations should thank researchers, investigate the reported issues promptly, fix vulnerabilities, and consider offering bug bounties or recognition rather than pursuing legal action.
How common are data breaches in sports organizations?
Sports organizations have become increasingly targeted by cybercriminals due to their valuable fan data, financial transactions, and high-profile nature. The Ajax breach affecting 300,000 fans is one of the largest in European sports history.
What are the potential consequences of prosecuting ethical hackers?
Prosecution could deter security researchers from reporting vulnerabilities, leaving systems unprotected, increasing overall cyber risk, and potentially leading to more severe breaches going undetected.