Last year, the competition generated over 1.2 billion content views across digital and social media channels. The culminating moment is, of course, the voting, during which, within several dozen minutes, millions of people simultaneously vote for their favorites.
This is a huge challenge for infrastructure – but also a huge incentive for cybercriminals.
— The Eurovision final is one of the most demanding moments for digital infrastructure. In a very short time, the systems must handle huge, simultaneous traffic related not only to the voting itself, but also to user activity in applications and digital channels – says Sylwia Pyśkiewicz, managing director of Equinix in Poland.
— Each interaction – casting a vote, checking results, or using an application – goes to systems operating in data centers, where data is processed and forwarded in real time. At such moments, the infrastructure must be prepared for a surge in requests, scaling its resources almost immediately and ensuring uninterrupted availability of services, he adds.
So can such an event be hacked? — Global events with high media visibility naturally attract the attention of both profit-seeking cybercriminals and more advanced state-sponsored groups. The analyzes of our Unit 42 show that groups related to, among others: with China, Russia and North Korea are increasingly focusing on telecommunications infrastructure, digital services and organizations supporting events of international importance – says Tomasz Pietrzyk, technical director at Palo Alto Networks in Central and Eastern Europe, in an interview with Business Insider Polska.
However, the expert estimates that the scenario of a complete “hacking of the results” of a professionally secured voting system seems “unlikely.” But he has other concerns.
This is how hackers can act during Eurovision
— Attempts to disrupt services, overload systems with DDoS traffic, disinformation activities or attacks targeting technological partners and the entire organizational base are much more likely. It is also worth noting that events such as Eurovision are often used by attackers in phishing campaigns and their variants such as smishing (SMS) and vishing (telephone) directed against any other organizations. References to Eurovision attract users' attention and may persuade them to visit dangerous websites or open email attachments, says Tomasz Pietrzyk from Palo Alto Networks.
— Events such as Eurovision today rely on a very extensive digital infrastructure – from broadcasts and mobile applications to voting systems and platforms of technological partners. From a cybersecurity perspective, this means not only the need to maintain the continuity of the entire ecosystem, but also a significant increase in the attack surface, which means a greater number of potential entry points for cybercriminals. The more complex and dispersed the technological environment, the greater the risk that the weak link in the protection system will be, for example, an application or an element of the infrastructure supporting the event, or even an external service provider. According to analyzes by Palo Alto Networks, nearly every fourth security incident in Europe begins with partners or service providers, who become an indirect entry point into the environment that is the real target of cybercriminals – adds the expert.
See also: Can Eurovision be good business? Yes, but probably not for Poland
AI in the service of hackers
– That's why organizers of large events today use multiple layers of security at the same time – from dispersing services between different data centers and backup systems, to constant monitoring of network traffic and tools that detect unusual activity or attempts to overload the infrastructure. The “zero trust” approach is also playing an increasingly important role, which assumes continuous verification of the activities of users and devices and limits access only to the necessary resources, he adds.
— In practice, AI and automation are also very important today. Attackers use automatic tools to search for vulnerabilities, generate phishing campaigns or conduct coordinated attempts to overload the infrastructure. This means that cyberattacks can develop much faster than a few years ago – the Unit 42 team's observations show that operations that previously took days or weeks can now be completed within hours or even minutes. At the same time, artificial intelligence is being used more and more effectively by organizers and security teams. Today, AI helps analyze huge amounts of data in real time, detect unusual behavior and respond faster to potential incidents before they affect the operation of the entire infrastructure – adds Tomasz Pietrzyk.
The biggest challenge is the moment when millions of users click “vote” at the same time. From a technology perspective, each vote cast is a single digital operation that triggers a series of processes – from sending data, through processing it in real time, to saving it and including it in the final results. In practice, these operations do not only concern voting itself. Many people also use their phones or the competition application at the same time – checking information about the artists, tracking the results and additional materials related to the event.
The official Eurovision app had 1.1 million active users in 2025 on the day of the final. This means that at the same time the systems must handle both millions of votes and hundreds of thousands of additional actions performed by users in the application – we read in the analysis by Equinix.
See also: Android and iPhone users have been waiting for this for a long time. It finally worked
