Football fans urged to avoid scoring cyber own goal

With millions streaming matches online due to the pandemic, advice has been issued on how to secure accounts.

The NCSC is urging football fans to secure their streaming accounts from hackers.

Eight months have elapsed since the popular football anthem 'It's Coming Home' took on a new meaning due to coronavirus.

Instead of packing out stadiums, fans have streamed matches online from their sofas.

But while this has helped protect fans from Covid-19, it has exposed them to a different threat - cyber crime.

Earlier this year, the UK's National Cyber Security Centre (NCSC) revealed that almost 700,000 accounts had been compromised through hackers guessing a device’s passwords as ‘liverpool’, ‘chelsea’ or ‘arsenal’.

As well as illegally watching the game the victim has paid for, the hackers could make unauthorised purchases on the platform or look to find personal information that could be used for further scams – including targeting them with scam emails or phone calls.

To help combat the problem, the NCSC has urged fans to take some basic steps, which form part of the NCSC’s Cyber Aware behaviours, to keep their accounts secure. This includes creating a password that is made of three random words, and ensuring you download the latest update for apps on devices streaming the games. Last year the NCSC exposed the most compromised passwords in the world – with 23.2 million accounts breached by hackers guessing the password ‘123456’.

The organisation also revealed hundreds of thousands of compromised accounts were protected using popular football team names (liverpool 280,723; chelsea 216,667; arsenal 179,095; manutd 59,440 and everton 46,619).

With matches being played behind closed doors for the foreseeable future, fans can secure their viewing experience by:

  • Refreshing accounts: Fans should consider resetting their password. The NCSC is increasingly seeing hackers use credentials stolen in past security incidents to hijack streaming accounts using the same compromised details. If you’re using the same password for your sports streaming accounts that you’ve used multiple times in the past – it’s time for a reset.

  • Setting a strong password: The NCSC recommends using a password that’s separate to your email password and made up of three random words. You can then save this strong password in the browser so you don’t have to worry about remembering it.

  • Updating streaming apps: Cyber criminals exploit weaknesses in apps to access your sensitive personal data. Providers regularly issue patches to these exploits in updates – you’re vulnerable without them so we urge every fan to make sure their streaming apps are updated. To make it simple going forward, we recommend turning on automatic updates.


Further information

Cyber Aware is a cross government effort delivered by the NCSC working alongside the Home Office, the Cabinet Office and the Department for Digital, Culture, Media and Sport (DCMS). It urges people to protect their data, passwords, the accounts they protect and the devices they use to access them.

The campaign’s top tips for staying secure online are:

  1. Create a separate password for your email – your email is the way into all your online accounts so keep it safe with a unique password. 

  2. Create strong passwords using three random words – the longer your password, the harder it is to hack. Just connect three random words you’ll remember. Start with your most important accounts. 

  3. Save your passwords in your browser – remembering lots of passwords can be difficult, but if you save them in your browser you don’t have to and it’s safer than re-using the same password for all your accounts. 

  4. Turn on two-factor authentication (2FA) for important accounts – this free security feature adds an extra layer of protection online and stops cyber criminals getting into your accounts, even if they have your password.

  5. Update your devices regularly (ideally set to ‘automatically update’) – using the latest software, apps and operating system can fix bugs and immediately improve your security. 

  6. Back up important data – if your device is compromised by a cyber criminal your sensitive personal data can be lost, damaged or stolen. Keep a copy of your important information by backing it up.

More information on the Cyber Aware campaign can be found at:


READ MORE: 'Cyber security should be top priority for business'


The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.