Friday, March 29, 2024

EA: 50 high-profile FIFA 22 accounts taken over by phishing actors

Electronic Arts (EA) has published an official response to numerous reports about hacked player accounts, confirming the problem and attributing it to phishing actors.

As the notice explains, hackers used social engineering against EA’s customer experience team to bypass two-factor authentication and take over 50 player accounts.

FIFA 22 is a very popular football (soccer) simulation game featuring a multi-player mode where people can compete in real-time, trade in-game items, etc.

The gaming company has promised to restore rightful owners’ access to the compromised accounts and has also announced the following measures to prevent this from happening again in the future:

  • All EA Advisors and individuals who assist with service of EA Accounts are receiving individualized re-training and additional team training, with a specific emphasis on account security practices and the phishing techniques used in this particular instance.
  • Implementation of additional steps to the account ownership verification process, such as mandatory managerial approval for all email change requests.
  • The customer experience software will be updated to better identify suspicious activity, flag at-risk accounts, and further limit the potential for human error in the account update process.

The above changes will inevitably make customer service more cumbersome and slow, but they will improve account security, something that the FIFA community has been complaining about for years.

“We’d like to apologize for the inconvenience and frustration that this has caused, and that we were unable to share additional details in our original communication last week as we conducted a thorough investigation.” concludes EA’s statement

fifa

High-profile accounts hacked

The accounts that were targeted by the phishing actors include those of real footballers like Valentin Rosier, professional streamers, and in-game currency traders.

Recommended:  Ukrainian Government Officially Accuses Russia of Recent Cyberattacks

These high-profile accounts have invested significant amounts of money in the game and use it as a source of income by monetizing their presence in that virtual space.

Some of the hacked account holders point out the possibility of EA’s staff giving away their personal data to the hackers, which would violate the GDPR, incurring fines up to 4% of EA’s annual turnover.

However, at this time, no data protection probes have been announced, and EA’s investigation on the incident is still ongoing, so the scope of the impact hasn’t been determined with certainty yet.

We think you may enjoy reading,

Bookmark
ClosePlease login
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates

explore

more

security