June 19, 2026, 10:18 am
A security researcher claims to have discovered a vulnerability in FIFA’s systems. The expert reportedly used an official FIFA portal to gain access to internal areas that are typically off-limits to regular users.
According to her own statements, the researcher, known as “BobDaHacker,” initially logged into a FIFA portal for partners and agents in a standard manner. However, during her analysis of the underlying systems, she noticed that access rights were apparently not correctly configured everywhere.
This allowed her to access internal applications and administrative interfaces that should not be accessible to ordinary users. Such errors are among the most common security issues on the internet. This is referred to as “Broken Access Control”: inadequately protected access rights.
Why the Vulnerability Was So Critical
Only upon closer analysis did it become clear how far-reaching the consequences of the vulnerability could have been. According to her own account, the hacker encountered systems used for the distribution and management of official FIFA broadcasts.
In her assessment, an attacker could have influenced more than just individual livestreams. It would even have been possible to manipulate camera feeds, overlays, or other content of the global TV broadcast. In her blog post, she writes that a single attacker could theoretically have taken over all cameras simultaneously.
BobDaHacker herself did not go further than necessary. She documented the vulnerability and informed FIFA. In her report, she jokingly wrote that theoretically, the entire World Cup could have been “rickrolled”: millions of viewers would have suddenly seen the well-known music video by Rick Astley instead of the actual program.
Whether an attacker could have actually gained full control over the broadcasts cannot be independently confirmed from the outside.
FIFA Closed the Gap Within Hours
Communication with FIFA was likely just as problematic as the vulnerability itself. In her blog post, BobDaHacker writes that she made a total of ten attempts to alert the football association to the issue through various channels. According to her, she received no response, so she eventually involved the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Only then did the situation gain momentum, and the vulnerability was closed the next day.
However, there was reportedly no direct response from FIFA. Her conclusion is accordingly critical. “If a researcher has to call CISA and the FBI to reach you, something is wrong.”
Additionally, BobDaHacker recommends that FIFA introduce a so-called bug bounty program. This would allow security researchers to report vulnerabilities and potentially receive financial rewards. Furthermore, the association should publish a clear guideline on how security vulnerabilities can be reported. “You host the world’s largest sporting event,” she says, justifying her criticism.