Hackers see opportunity in the Winter Olympics and Super Bowl
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Sarah Grillo/Axios
As fans descend on the 2026 Winter Olympics and the Super Bowl this weekend, hackers are gearing up for their own high-stakes contest.
The big picture: Hackers love to target global sporting events, and newer AI tools have made it easier to scale phishing and vulnerability scanning, experts told Axios.
- Scammers could hijack QR codes used around the stadium to send unsuspecting attendees to duped websites and trick them into sharing their personal information.
- Cybercriminals looking to score bragging rights could use distributed denial of service attacks to take down livestreams and other internet-connected services.
- Digital spies could send phishing emails in the hopes of breaking into the systems of governments, sports teams and companies.
What they're saying: "There's just opportunity after opportunity, especially when you're dealing with someone that may just be after reputational crisis or chaos," Dave Russell, senior vice president and head of strategy at Veeam Software, told Axios.
Reality check: Italian officials said Thursday they've already fended off several Russian cyberattacks targeting diplomatic missions and Olympic sites in the lead up to Friday's opening ceremony in northern Italy.
Flashback: In 2018, Russian government hackers successfully disrupted internet access and telecasts and shut down the official Olympics website and mobile app during the Winter Olympics' opening ceremony in Pyeongchang, South Korea.
- In 2022, the San Francisco 49ers faced a cyberattack on its IT network hours before the kickoff for the Super Bowl — even though the team wasn't playing.
Between the lines: Both the Winter Olympics and Super Bowl move locations — meaning their technology stacks need to be taken down and set up each time, leaving opportunities for misconfigurations and security mishaps.
- "Brand new infrastructure stood up. It's geographically dispersed. It's a team that maybe wasn't even a team two years ago, three years ago," Russell said. "The potential for exposure is far greater here than in a controlled environment."
The intrigue: AI tools are making it much easier for even less sophisticated groups to target global events as they speed up reconnaissance and data exfiltration, Russell said.
- "I can choose more wisely where I go to try to attack," he said. "I can get a little better information to be able to try to either use that in my attack or to use that in my conversation (in phishing emails)."
Zoom in: Threats targeting both events are likely to look more personal, including phishing emails offering fake tickets or scammers trying to intercept Apple Pay charges in real life, Ron Kerbs, CEO of scam protection company Kidas, told Axios.
Yes, but: Before each major event, both the NFL and Olympics Committees pour plenty of money into ensuring their big games stay online.
- This year, Cisco spent months helping the NFL protect its servers before the game in the heart of Silicon Valley.
- As of Wednesday, analysts at Flashpoint said they have not seen any credible digital threats specifically targeting this year's Super Bowl.
The bottom line: Kerbs advised everyone attending one of the major games to plan ahead. Figure out what payment information you need and where you're going before heading out.
- Kerbs also warned against entering credit card information onto a mobile site or into a stadium kiosk.
- "Scammers are using urgency tactics or just hoping that you wouldn't notice a small minor detail that would change because you're rushing to get into the game," he added.
Go deeper: What it takes to keep hackers out of the Super Bowl
