Yahoo Survivor Football bug let players pick winners after NFL games were over

A bug on a popular Yahoo sports betting platform appears to have allowed people to cheat by placing bets after the games had already been decided.

The issue affecting Yahoo’s Survival Football game was discovered by a discerning player who noticed that one of his opponents kept winning thanks to games played on Thursday nights.

In a Reddit post and YouTube video explaining the issue, an unidentified player said he became curious after one of his opponents kept making improbably correct choices on the winners of NFL games played on Thursdays, when there is typically only one game.

In so-called survivor pools, players can compete against a group of people and whoever has the longest streak of correct picks wins. When a player picks a team that loses, they are eliminated.

The league started with 100 players and is now down to just four people. But one player pulled off three straight wins by picking underdogs on Thursdays.

“So now we're thinking...once is happenstance. Twice is coincidence...but three times?? That's enemy action. We were watching to see if he entered a pick when that Thursday game started, no pick was shown for him,” the player wrote in a post on Reddit.

“We checked again as the game was winding down in the 4th quarter when it was clear that the Raiders would win. Still no pick. We took a screenshot of this and it shows the time being 9:58 pm Central time. We checked again on Friday and low and behold, he has the Raiders selected.”

The user created another league with several dummy accounts last week and tested out a scheme where he opened two different browsers before the Thursday game between the Minnesota Vikings and Cincinnati Bengals.

One window showed all of the players in the league, and the other had a pending pick for one of his accounts. He left the browser windows open for the entire Thursday game, then after the Bengals won the option was still available to choose them as a winner. He clicked on the Bengals and when he refreshed the page, it confirmed that he had chosen the Bengals and won the week.

“To confirm this, I did the same thing for the 2nd Saturday game, Steelers vs. Colts. As the final few seconds wound down and the Colts were about to win, I selected the Colts for another dummy team in this test pool and again the pick was accepted after the game was over,” he said.

“On Friday, we did contact Yahoo support with these concerns and they gave us the brush off saying there is no way to verify exactly when the picks were made and that there is no way to enter a pick after the game has started.”

The user said some leagues play with real money so the scam could have financial implications for some players. They did not respond to a request for comment.

A spokesperson for Yahoo Sports told Recorded Future News: “This issue is resolved and we continue to focus on providing the best possible game experience."

They did not respond to further questions about how long this vulnerability has been in the game, whether those exploiting it would be removed from pools or how anyone would know if the issue is fixed if the company did not announce it.

The person who discovered the issue said on Wednesday that they still have not heard from Yahoo despite multiple attempts to contact the company about potential ways to rectify the scheme.

“I, along with our league [commissioner], have tried emailing them and we are simply ignored. Terrible! We really want to kick this guy out, but without that timestamp, we don't have the smoking gun,” he said.

“I'm not looking for Yahoo to fix it at this point, the damage is done. We just want them to give us the data we need. It has just soured the whole league for us and puts us in a bad position.”