Argentina's Football Association Says Its Email Account May Have Been Hacked After World Cup Win
Someone sent journalists messages from the AFA's official inbox claiming Argentina's victory over Egypt was fixed. The association says it didn't send them.

Key points
- The Argentine Football Association (AFA) warned on an unspecified date in 2025 that one of its official email accounts may have been accessed without permission.
- Emails sent from that account to journalists claimed Argentina "did not win" its 3-2 World Cup comeback victory over Egypt and blamed "corrupt refereeing decisions".
- The AFA said it did not generate or authorise the messages and is investigating.
- AFA sources told Argentine news outlet La Calle that hackers of Egyptian origin were believed to be responsible.
- The AFA is asking anyone who received an unusual message from its account to ignore it, especially if it contains links or asks for personal information.
Argentina were trailing Egypt 2-0 and facing an early World Cup exit before clawing back three goals to win. Then the inbox drama started.
After the match, emails arrived in journalists' inboxes carrying the AFA's official address. The messages said Argentina had not really won, and that the result came down to corrupt officials. They also praised Egypt's performance. As BBC News first reported, the Egyptian Football Association had already asked FIFA, the sport's global governing body, to remove French referee Francois Letexier from the tournament, alleging he had favoured Argentina.
Could those emails have actually come from the AFA?
No. The AFA says its own staff did not write or send them. In a public statement the association said it had "detected the possible sending of emails from one of our institutional accounts that were not generated or authorised by our team." That is polite language for: someone else got into the account and hit send.
AFA sources told La Calle they suspect hackers with ties to Egypt were behind it. The association has not named any individual or group publicly, and no arrests have been announced.
The failure mode here is a familiar one. Email accounts, even official organisational ones, can be broken into if passwords are weak, reused across services, or stolen through phishing, where criminals send fake messages designed to trick someone into handing over their login details. In practice, a single staff member clicking the wrong link can hand an outsider full access to a shared inbox.
One thing the post-mortem will say: there was probably no multi-factor authentication in place. Multi-factor authentication, meaning a second confirmation step beyond a password such as a code sent to your phone, makes it significantly harder for an outsider to log in even if they have the correct password.
For ordinary people who received one of those AFA emails, the association's advice is straightforward. Delete the message. Do not click any links inside it, do not open attachments, and do not enter any personal details if prompted. The account may still be partially accessible to whoever broke in.
The AFA says it is working to lock the account down and understand how the access happened.
Operational takeaway: shared team inboxes are high-value targets and low-priority on the patch list. Fix that before the next big match.



