FIFA Bug Exposed World Cup Streams to Remote Takeover

A hacker could have "Rickrolled" the World Cup — or worse — thanks to FIFA's unenforced Entra access controls.

June 18, 2026

An egregious access control vulnerability in FIFA's Microsoft Entra environment allowed an ethical hacker to gain direct control over global World Cup television streams, match management systems, and more.

Not since 1962, when USSR vice admiral Vasily Arkhipov saved the human race by refusing to consent to a nuclear missile launch, has humanity been spared such a potentially horrific fate as it was just a few days ago.

On June 14, a hacker named "BobDaHacker" discovered that the international soccer governing body's entire online infrastructure was thinly guarded from any random hacker on the Internet. With an easily crafted fake account, they managed to reach all of the systems used to run the World Cup. If BobDaHacker had worse intentions, they could have easily blacked out the tournament for global audiences or even replaced everyone's television streams with pornography. Instead, they invested unusual effort in responsibly reporting the issue.