A security researcher, known as BobDaHacker, discovered a critical vulnerability in FIFA's client-side authorization system for the 2026 World Cup streaming portal. By uploading a photo of her ID, she gained access to the live production streaming management panel, which controlled every match's broadcast output. Despite the severity, the researcher did not exploit the flaw, instead attempting to alert FIFA, MediaKind, HBS, CISA, and the FBI. The root cause was missing server-side enforcement: the frontend checked authorization but the backend did not. FIFA has since fixed the vulnerability, but the researcher has not received a response or bug bounty acknowledgment.
AI-generated summary · Google Gemini · from 1 source.