Yahoo Survivor Football bug let players pick winners after NFL games were over

Siva Ramakrishnan
A bug on a popular Yahoo sports betting platform appears to have allowed people to cheat by placing bets after the games had already been decided.

A bug on a popular Yahoo sports betting platform appears to have allowed people to cheat by placing bets after the games had already been decided.

The issue affecting Yahoo’s Survival Football game was discovered by a discerning player who noticed that one of his opponents kept winning thanks to games played on Thursday nights.

In a Reddit post and YouTube video explaining the issue, an unidentified player said he became curious after one of his opponents kept making improbably correct choices on the winners of NFL games played on Thursdays, when there is typically only one game.

In so-called survivor pools, players can compete against a group of people and whoever has the longest streak of correct picks wins. When a player picks a team that loses, they are eliminated.

The league started with 100 players and is now down to just four people. But one player pulled off three straight wins by picking underdogs on Thursdays.

“So now we’re thinking…once is happenstance. Twice is coincidence…but three times?? That’s enemy action. We were watching to see if he entered a pick when that Thursday game started, no pick was shown for him,” the player wrote in a post on Reddit.

“We checked again as the game was winding down in the 4th quarter when it was clear that the Raiders would win. Still no pick. We took a screenshot of this and it shows the time being 9:58 pm Central time. We checked again on Friday and low and behold, he has the Raiders selected.”

The user created another league with several dummy accounts last week and tested out a scheme where he opened two different browsers before the Thursday game between the Minnesota Vikings and Cincinnati Bengals.

One window showed all of the players in the league, and the other had a pending pick for one of his accounts. He left the browser windows open for the entire Thursday game, then after the Bengals won the option was still available to choose them as a winner. He clicked on the Bengals and when he refreshed the page, it confirmed that he had chosen the Bengals and won the week.

“To confirm this, I did the same thing for the 2nd Saturday game, Steelers vs. Colts. As the final few seconds wound down and the Colts were about to win, I selected the Colts for another dummy team in this test pool and again the pick was accepted after the game was over,” he said.

“On Friday, we did contact Yahoo support with these concerns and they gave us the brush off saying there is no way to verify exactly when the picks were made and that there is no way to enter a pick after the game has started.”

The user said some leagues play with real money so the scam could have financial implications for some players. They did not respond to a request for comment.

A spokesperson for Yahoo Sports told Recorded Future News: “This issue is resolved and we continue to focus on providing the best possible game experience.”

They did not respond to further questions about how long this vulnerability has been in the game, whether those exploiting it would be removed from pools or how anyone would know if the issue is fixed if the company did not announce it.

The person who discovered the issue said on Wednesday that they still have not heard from Yahoo despite multiple attempts to contact the company about potential ways to rectify the scheme.

“I, along with our league [commissioner], have tried emailing them and we are simply ignored. Terrible! We really want to kick this guy out, but without that timestamp, we don’t have the smoking gun,” he said.

“I’m not looking for Yahoo to fix it at this point, the damage is done. We just want them to give us the data we need. It has just soured the whole league for us and puts us in a bad position.”

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

FTC proposes tougher children’s data privacy rules for first time in a decade

Next Post

German police take down Kingdom Market, a darknet emporium of illicit goods

Related Posts

OpenAI, Meta, TikTok Disrupt Multiple AI-Powered Disinformation Campaigns

OpenAI on Thursday disclosed that it took steps to cut off five covert influence operations (IO) originating from China, Iran, Israel, and Russia that sought to abuse its artificial intelligence (AI) tools to manipulate public discourse or political outcomes online while obscuring their true identity. These activities, which were detected over the past three months, used its AI models to
Read More

60 New Malicious Packages Uncovered in NuGet Supply Chain Attack

Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in August 2023, while also adding a new layer of stealth to evade detection. The fresh packages, about 60 in number and spanning 290 versions, demonstrate a refined approach from the previous set that came to light in October 2023, software supply
Read More