EA confirms FIFA account hijacking was due to ‘human error’
Electronic Arts confirmed reports that some “high profile” FIFA Ultimate Team accounts have been taken over by hackers who were able to “exploit human error in our customer experience team” to bypass two-factor authentication.
The initial takeover report, which came last week from European players, states that several top FUT traders have reported that their accounts were taken over and stripped of their FIFA points and coins. According to the report, the attackers were able to convince EA support that they were the rightful owners of the accounts, using player tags taken from FIFA leaderboards. The representatives then revealed the email addresses attached to the gamertags and reset the accounts' passwords, enabling attackers to log into the accounts and delete them.
Just got hacked boy, finally people can stop accusing me of hacking xD I'm planning to take legal action, they gave my account to a random person via live chat in a clear breach of data protection laws. An interesting ride, see you guys 23 I guess ❤️
January 5, 2022
This kind of hacking really pisses me off. I did a good comparison on the livestream today as I had all my work tools locked in my work van. Just let the van company hand over the keys to random people on the street without notifying me
January 2, 2022
After investigating these claims, EA has now confirmed it is responsible for security failures.
“Through our initial investigation, we can confirm that many accounts have been compromised through phishing techniques,” EA wrote. “Utilizing threats and other ‘social engineering’ methods, malicious individuals were able to exploit human error in our customer experience team and bypass two-factor authentication to gain access to other player accounts.”
EA currently estimates that fewer than 50 accounts have been taken over in this way, and it is now working to figure out who the correct owner is and recover all stolen content. It also pledged to take steps to ensure such things are unlikely to happen again in the future.
- All EA consultants and individuals assisting with EA account services are undergoing individualized retraining and additional team training, with particular emphasis on account security practices and phishing techniques used in this particular situation.
- We’re implementing additional steps to the account ownership verification process, such as mandatory administrative approval for all email change requests.
- Our customer experience software will be updated to better identify suspicious activity, flag at-risk accounts, and further limit the potential for human error in the account update process.
It also warned that these new steps “could impact customer experience wait times” — in other words, make them longer — but added that they were necessary to ensure better account security.
Reaction to the changes among FUT fans on Reddit seems generally positive so far: longer wait times for support requests aren’t great, but neither is some smooth talker getting hold of a support rep who isn’t attentive enough and walking away with your account credentials. However, the situation is not yet fully resolved.
“It’s really nice to see this, this should prevent future victims from being hacked,” FUT Donkey, whose account was hacked last week, tweeted. “Now my question is, what are you going to do for us who got hacked? I haven’t heard anything from EA since I got hacked. Can we get our tokens back?”
And there could be ramifications beyond FUT itself: NickRTFM praised the account security changes on Twitter, but added that someone was now using his leaked personal details to apply for credit in his name.