EA is investigating reports of FIFA Ultimate Team trader accounts getting hacked and being cleaned out. The perpetrators appear to be using a form of identity theft to trick EA staff into giving up email addresses and password reset links via live chat. Up to 100 reports from affected users have been filed so far.
One user going by the name FUT Donkey said they are going to pursue legal action against EA for breaching data protection laws, claiming EA reps gave a random person information about the account, granting them access.
I told EA live chat 2 times to add notes to my account to put that my account was being targeted by hackers and to not change any details, and they still did it. Nothing more I could have done and tbh I shouldn’t have to do anything. It is basic security, disgusting stuff.
— FUT Donkey (@FUTDonkey) January 5, 2022
The attackers also appear to be spamming EA support until someone provides the wanted info. FUT Donkey provided a screenshot showing the attempts in their email history.
People spam the livechat asking to change my account details until some incompetent advisor finally gave them the account pic.twitter.com/jqOoKKcv6s
— FUT Donkey (@FUTDonkey) January 5, 2022
FUT Donkey also discovered the attacker opened new accounts across the web. From IMDB and Quora to various porn sites, they found numerous new accounts using the stolen credentials. This is despite use of a two-step authenticator app, a very strong password that is changed regularly, and more.
EA leaked my email address to some random guy with no verification or anything, he then used it to sign up to loads of random sites like IMDB, Quora, Pornhub etc. These guys are breaking GDPR laws and they don’t care lol pic.twitter.com/4WVHu7Zc2Z
— FUT Donkey (@FUTDonkey) January 2, 2022
One has likened this to locking their tools in a work van, only for the company to give the keys to a random person on the street. “We’ve been made aware of recent account takeover attempts and are currently investigating,” EA said.
Source: Eurogamer