Bug in FIFA World Cup internal system gave anyone ability to modify TV stream

1 hour ago 1

In Brief

Posted:

11:13 AM PDT · June 16, 2026

Cameramen TV during the FIFA World Cup 2026 Group C lucifer betwixt Brazil and Morocco astatine New York New Jersey Stadium connected June 13, 2026 successful East Rutherford, New Jersey.

A information researcher said she was capable to entree respective interior FIFA platforms owed to a elemental information flaw, which allowed her to ticker and person afloat power of the TV watercourse of each World Cup game.

The researcher, who goes by BobDaHacker, said she simply registered arsenic a subordinate cause connected FIFA’s authoritative cause registration platform. Then, acknowledgment to having that relationship and a flaw successful FIFA’s backend API, which didn’t cheque if a idiosyncratic really had the due authorization, she was capable to entree respective interior FIFA platforms.

This included the strategy that allows broadcasters to power what gets displayed connected people’s TVs crossed the world, and what gets displayed connected commentators screens arsenic they narrate the match, per the researcher.

“A azygous attacker could hijack each camera simultaneously. An attacker could person rickrolled the full FIFA World Cup,” BobDaHacker wrote in a blog post published connected Tuesday.

BobDaHacker reported the flaw connected Tuesday nighttime Japan time, and FIFA fixed the contented a fewer hours later, without ever acknowledging the researchers’ report.

FIFA did not instantly respond to TechCrunch’s petition for comment.

Subscribe for the industry’s biggest tech news