A self-proclaimed “ethical hacker” claims to have found a flaw on the website of FIDE (Fédération Internationale des Échecs) that could have allowed malicious attacks, and says they informed the organisation of the vulnerability.
The individual discovered the flaw while looking at FIDE’s rating calculations page and decided to test it for cross-site scripting (XSS), an attack in which hackers inject malicious scripts into otherwise trustworthy websites.
XSS attacks can be used to steal data, hijack sessions, deface websites and deliver malware.
The hacker, who writes under the name “Hacknus Carlsen”, said FIDE fixed the bug a day after it was reported.
Carlsen said: “I partied like Magnus Carlsen after claiming the World Championship throne — without the GDP of a small country payout.