Dec [{(
)}]FIFA was offside on OPSEC.
"My NO_ROLES account had access to the entire platform."
"The Management tab on fdp,fifa,org has write operations. And the backend accepts them from a NO_ROLES account."
"My account could see every editorial note, every pre-match stats kit, every talking point prepared for every match."
"FIFA never responded.
Not to acknowledge the report.
Not to say thank you.
Not to discuss compensation.
Nothing."
https://bobdahacker.com/blog/fifa-hack
I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID.
How I found that anyone could register on FIFA's public Agent Platform, gain access to the Football Data Platform's Streaming Management panel, and get RTMP ingest URLs and stream keys for every live FIFA World Cup 2026 camera feed. I then spent hours calling FIFA, MediaKind, HBS, CISA, and the FBI trying to get someone to pick up the phone.