Electronic Arts (EA) has released an official response to numerous reports of hacked player accounts, confirming the problem and attributing it to phishing players.
As the advisory explains, the hackers used social engineering against EA’s customer experience team to bypass two-factor authentication and take over 50 player accounts.
FIFA 22 is a very popular football (soccer) simulation game featuring multiplayer mode where people can compete against each other in real time, trade in-game items, and more.
The games company has pledged to restore rightful owner access to compromised accounts and also announced the following steps to prevent this from happening again in the future:
- All EA Advisors and those who assist in servicing EA Accounts receive one-on-one refresher training and additional team training, with particular emphasis on account security practices and phishing techniques used in this particular case.
- Implemented additional steps to the account ownership verification process, such as mandatory management approval for all email change requests.
- Customer experience software will be updated to better identify suspicious activity, flag risky accounts and further limit the potential for human error in the account update process.
The above changes will inevitably make customer service more cumbersome and sluggish, but they will improve account security, something the FIFA community has complained about for years.
“We would like to apologize for the inconvenience and frustration this has caused, and for the fact that we were unable to share additional details in our initial communication last week as we conducted a full investigation. ” concludes EA’s statement
High-profile accounts hacked
Accounts that have been targeted by phishers include those of real footballers like Valentin Rosier, professional streamers, and in-game currency traders.
@EA_FIFA_France @EAFrance @EASPORTSFIFA
I just logged into my account and just saw that I was hacked. So which means that I have nothing left and I no longer have access to my fifa account. An account where I had 60 million credit, an account where I put money
– Valentin Rosier (@ VRosier19) January 7, 2022
I just got hacked guys, finally people can stop blaming me for xD hacks
I’m planning to take legal action they gave my account to a random person via live chat, a gross violation of data protection laws
It was a fun ride, see you in 23 i guess
– FUT Donkey (@FUTDonkey) January 5, 2022
These prestigious accounts have invested large sums in the game and use it as a source of income by monetizing their presence in this virtual space.
Some of the hacked account holders point to the possibility of EA staff giving their personal data to hackers, which would violate GDPR and face fines of up to 4% of EA’s annual revenue.
However, as of yet, no data protection investigation has been announced and EA’s investigation into the incident is still ongoing, so the extent of the impact has yet to be determined. determined with certainty.
It’s also worth noting that Bleeping Computer has seen reports of lower-level FIFA 22 accounts having been hacked recently, so the number of accounts picked up by phishers can be well over 50.