Multiple famous accounts of 'FIFA 22' such as professional soccer players and famous gamers are hijacked, EA admits the case and officially apologizes



Accounts of celebrities such as professional soccer players and prominent gamers have been hijacked one after another in the soccer game 'FIFA 22 ' officially recognized by the Federation of International Football Associations. The operator, Electronic Arts (EA), has announced that the series of incidents was caused by an EA employee being caught in a 'social engineering attack.'

FIFA 22 | Pitch Notes --Account Takeover Update --EA SPORTS
https://www.ea.com/en-gb/games/fifa/fifa-22/news/pitch-notes-fifa-22-account-takeover-update

EA: 50 high-profile FIFA 22 accounts taken over by phishing actors
https://www.bleepingcomputer.com/news/security/ea-50-high-profile-fifa-22-accounts-taken-over-by-phishing-actors/

EA says 'less than 50' high-profile FIFA 22 player accounts were taken over via phishing | GamesRadar +
https://www.gamesradar.com/hackers-grabbed-multiple-high-profile-fifa-22-accounts-by-phishing-ea-support-agents/

FIFA 22 phishers tackle customer support with social engineering | Malwarebytes Labs
https://blog.malwarebytes.com/social-engineering/2022/01/fifa-22-phishers-tackle-customer-support-with-social-engineering/

On January 11, 2022, EA announced that a malicious person had hijacked multiple accounts of well-known players in a 'social engineering attack' that struck a human error in the customer experience team.

Social engineering attacks are attack methods that steal important information by exploiting human psychological gaps and behavioral mistakes. For example, 'non-electronic methods that do not use viruses or spyware' are classified as social engineering attacks, such as methods such as peeping through keystrokes over the shoulder and methods such as stealing passwords from materials discarded as garbage or storage media. ..

Social engineering measures | Information security measures for employees and staff in general | Measures for companies and organizations | Information security site for the people



The EA did not explain the specific method of social engineering attack used in this case, but since it states that 'two-factor authentication has been breached', 'a fake formula created in advance' You could have stolen your ID and password on the page, used that ID and password to impersonate the victim, and then stole the information needed to break through the two-factor authentication from customer support. '

Valentin Rongier, a professional soccer player belonging to Olympique de Marseille, and FUT Donkey, a famous player who was the leader in the game mode 'FIFA Ultimate Team', are known to have been damaged this time. It is a celebrity account.




According to the official announcement of EA, the total number of damaged accounts is 'less than 50', but Bleeping Computer, an IT news site, has received reports that FIFA 22 accounts other than celebrities have been hijacked one after another. As a result, 'actually it could be well over 50'.

EA commented that as measures to prevent recurrence, it will take measures such as re-educating employees related to accounts with an emphasis on phishing scams and requiring the approval of higher authority to apply for email address changes. .. The announcement concludes with an apology, 'We apologize for any inconvenience caused and for not being able to provide details at the time the incident was discovered due to a thorough investigation.'

In addition, EA has described this case as 'due to a social engineering attack', but if an EA employee colluded with a hacker and leaked personal information, it would be a violation of the EU General Data Protection Regulation (GDPR). It is reported that a huge fine of up to 4% of annual sales could be imposed.

in Game,   Security, Posted by darkhorse_log