Video game maker Electronic Arts (EA) has stated that around fifty high-profile accounts for the soccer game FIFA 22 were hacked after attackers manipulated the company’s customer service employees.
“Over the last few weeks we’ve been made aware of reports that high-profile player accounts are being targeted for takeover,” the company said. “Through our initial investigation we can confirm that a number of accounts have been compromised via phishing techniques. Utilizing threats and other ‘social engineering’ methods, individuals acting maliciously were able to exploit human error within our customer experience team and bypass two-factor authentication to gain access to player accounts.”
Some of the hacked accounts belonged to real soccer/football players and professional video game streamers. EA is still working to restore accounts to their rightful owners.
“At this time, we estimate that less than 50 accounts have been taken over using this method,” EA said. “We are currently working to identify rightful account owners to restore access to their accounts, and the content within, and players affected should expect a response from our team shortly. Our investigation is ongoing as we thoroughly examine every claim of a suspicious email change request and report of a compromised account.”
EA notes that “[t]here is always a human factor to account security,” and the company is taking the following steps to mitigate these attacks in the future:
“All EA Advisors and individuals who assist with service of EA Accounts are receiving individualized re-training and additional team training, with a specific emphasis on account security practices and the phishing techniques used in this particular instance.
“We are implementing additional steps to the account ownership verification process, such as mandatory managerial approval for all email change requests.
“Our customer experience software will be updated to better identify suspicious activity, flag at-risk accounts, and further limit the potential for human error in the account update process.”
New-school security awareness training can enable your employees to thwart phishing and other social engineering attacks.
BleepingComputer has the story.