Electronic Arts (EA) has issued an official response to numerous reports of player accounts hacked, confirming the problem and attributing it to phishing actors.
As explained in the announcement, hackers used social engineering against EA’s customer experience team to bypass two-factor authentication and take over 50 player accounts.
FIFA 22 is a very popular soccer simulation game with a multiplayer mode in which players compete against each other in real time, swap in-game items, etc.
The gambling company has promised to restore the rightful owners’ access to the compromised accounts and has also announced the following measures to prevent this in the future:
- All EA consultants and individuals who assist with the maintenance of EA accounts will receive individual retraining and additional team training with a special focus on account security practices and the phishing techniques used in this particular case.
- Implementation of additional steps in the account ownership verification process, such as B. Mandatory management approval for all email change requests.
- Customer experience software will be updated to better identify suspicious activity, flag accounts at risk, and further limit the potential for human error when updating accounts.
The above changes will inevitably make customer service more cumbersome and slower, but they will improve account security, something the FIFA community has been complaining about for years.
“We apologize for the inconvenience and frustration this has caused and for not being able to post additional details in our original notice last week when we conducted a thorough investigation.” concludes EA’s statement
Known accounts hacked
Accounts that have been targeted by the phishing actors include those of real footballers like Valentin Rosier, professional streamers and in-game currency traders.
@EA_FIFA_France @EAFrance @EASPORTSFIFA
Je viens de me connecter à mon compte and je viens de voir que j’ai été hack. Donc ce qui veux dire que je n’ai plus rien et je n’ai plus accès à mon compte fifa. Un compte ou j’avais 60 million de credit, un compte ou j’ai mis de l’argent
– Valentin Rosier (@ VRosier19) January 7, 2022
Just hacked guys, finally people can stop blaming me for the hacks xD
I plan to take legal action, they gave my account to a random person via live chat, a clear violation of privacy laws
Was a fun ride see you in 23 i think
– FUT donkey (@FUTDonkey) January 5, 2022
These high profile accounts have invested significant amounts of money in the game and are using it as a source of income by monetizing their presence in this virtual space.
Some of the account holders that were hacked point out the possibility that EA employees could share their personal information with the hackers, which would violate the GDPR and result in fines of up to 4% of EA’s annual turnover.
However, at this point in time, no privacy investigations have been announced and EA’s investigation into the incident is ongoing, so the extent of the impact has not yet been determined with certainty.
It’s also worth noting that Bleeping Computer has seen reports of lower-level FIFA 22 accounts hacked lately, so the number of accounts hacked by phishing actors can go well over 50.