< Back to all clusters
[TECHNOLOGY] · Switzerland, Australia, United States · 2 sources

FIFA World Cup streaming platform exposed by access‑control flaw

Security researcher BobDaHacker discovered a misconfigured access‑control system on FIFA's Microsoft Entra tenant that protected the World Cup 2026 streaming platform. By completing an agent registration, she gained a tenant account that bypassed client‑side checks, exposing live RTMP stream keys, camera‑feed controls and the Commentator Information System. The flaw would have allowed a single attacker to hijack all broadcast cameras, alter match statistics, or inject unauthorized content such as a rickroll into every TV network worldwide.

FIFA did not have a bug‑bounty program and did not respond to the researcher’s reports. The vulnerability was reported to U.S. agencies – CISA and the FBI – and to video‑technology company MediaKind, and it was patched quickly after disclosure. The incident highlights how weak authentication and role‑based access controls can endanger high‑profile global events.