The biggest World Cup in history is also generating the biggest cybercrime haul in streaming history. HUMAN Security’s Satori Threat Intelligence Research Team released findings on June 30 showing a massive spike in stolen streaming credentials being traded across dark web marketplaces, with threat actors capitalizing on global demand for unauthorized access to tournament matches.
The numbers behind the breach
HUMAN Security’s Satori update cited 802,000 compromised streaming accounts released by threat actors in June 2026 alone, marking a record high. The US Department of Justice moved in parallel, seizing approximately 400 illegal streaming domains on June 29, one day before HUMAN published its report.
Federal authorities warned that these sites don’t just steal your login credentials. They actively expose visitors to malware, turning a casual attempt to watch a group-stage match into an open invitation for trojans and credential harvesters.
Thousands of fake FIFA-branded domains and credential-theft operations were documented in early June, setting the stage for what became a sprawling cybercrime ecosystem built around the tournament.







