EA Sports responds to phishing hack scandal

News / EA Sports responds to phishing hack scandal

EA Sports responds to phishing hack scandal

EA has confirmed that many FIFA Ultimate Team accounts have been hacked using phishing techniques. A number of high profile traders have had their accounts hacked and cleared of FIFA points and coins worth thousands of pounds. 

A statement from EA says: “Over the last few weeks we’ve been made aware of reports that high-profile player accounts are being targeted for takeover. Through our initial investigation, we can confirm that a number of accounts have been compromised via phishing techniques. Utilising threats and other ‘social engineering’ methods, individuals acting maliciously were able to exploit human error within our customer experience team and bypass two-factor authentication to gain access to player accounts. 

“We are currently working to identify rightful account owners to restore access to their accounts, and the content within, and players affected should expect a response from our team shortly. Our investigation is ongoing as we thoroughly examine every claim of a suspicious email change request and report of a compromised account”.

Players listed as being on the Top 100 “transfer profit” leaderboard were targeted, as well accounts pertaining to influencers and huge streamers such as Nick RunTheFutMarket and Bateson87. It is believed that access was gained to these accounts by repeated contacts of EA Help live chat to change details (emails, passwords) of targeted accounts, until a live chat advisor would fall into the social engineering trap. The adversary then proceeded to clear the targeted accounts of all their FIFA points and coins - with one hacker estimated to be profiting in the hundreds of thousands of pounds.  

This is not the first time FIFA’s Ultimate Team has been entangled in controversy, just last year a FUT bot farm of almost 4,000 PS4s was shut down in Ukraine due to the black market revolving around the addition of FUT. Despite EA having to clean up quite a few messes related to FUT, it does not appear that the developers are any closer to preventing these sorts of incidents from occurring.  

The statement from EA has addressed what steps are being taken to rectify the current Fifa Ultimate Team scandal. EA says “There is always a human factor to account security and we know we must do better. As a result of these incidents and our investigation, we have taken the following actions to increase the administrative and technical safeguards for EA Accounts: 

- All EA Advisors and individuals who assist with the service of EA Accounts are receiving individualized re-training and additional team training, with a specific emphasis on account security practices and the phishing techniques used in this particular instance. 

- We are implementing additional steps to the account ownership verification process, such as mandatory managerial approval for all email change requests. 

- Our customer experience software will be updated to better identify suspicious activity, flag-at-risk accounts, and further limit the potential for human error in the account update process. 

“While in some cases these changes could impact customer experience wait times, these are necessary additional steps to ensure our player accounts remain secure. 

“We’d like to apologize for the inconvenience and frustration that this has caused, and that we were unable to share additional details in our original communication last week as we conducted a thorough investigation. Thanks to the whole community for your patience as we continue to address the situation and take corrective actions.”

How secure is

your business?

Security test
How secure is

your business?

Security test