I Could've Rickrolled the FIFA World Cup. All I Needed Was My ID
BobDaHacker
20 points
3 comments
June 16, 2026
Related Discussions
Found 5 related stories in 110.6ms across 10,715 title embeddings via pgvector HNSW
- EU Age Verification Hacked in 2 Minutes: What Happened bigbugbag · 12 pts · April 20, 2026 · 47% similar
- Hackers Asked Meta AI to Give Them Access to Instagram Accounts. It Worked pulisse · 22 pts · June 01, 2026 · 43% similar
- EU age verification app hacked, 2 minute How to posted johanstokking · 73 pts · April 17, 2026 · 43% similar
- EU Age Control: The trojan horse for digital IDs gasull · 60 pts · April 26, 2026 · 41% similar
- Nearly a million passports and photo IDs were unprotected on the public internet N_A_T_E · 28 pts · June 16, 2026 · 40% similar
Discussion Highlights (1 comments)
BobDaHacker
Registered on FIFA's public Agent Platform with my ID, got added to their Microsoft Entra tenant, and found the Angular app only checked roles client-side. The backend APIs served everything: RTMP ingest URLs and stream keys for every live World Cup 2026 camera feed across all five angles. Confirmed live in VLC. An attacker could have pushed arbitrary video to the ingest endpoints and replaced broadcast feeds on TV worldwide. Write access to match stats, commentator notes, and the live score system was also exposed.