How Hackers Stole 50 High Profile FIFA 22 Accounts
FIFA 22 owners take note: a threat actor has taken over accounts for 50 of the world’s top players. EA has confirmed the reports, promising to restore the online accounts to their rightful owners as quickly as possible and implement more security measures to protect user accounts of all levels.
How Were the FIFA 22 Accounts Breached?
Each FIFA 22 player account was breached after the attackers used social engineering techniques to evade two-factor authentication, resetting passwords and email accounts in the process.
The official EA statement also indicated that “threats” were used to gain information on the accounts, though it understandably didn’t elaborate on the specifics.
While EA is working to restore the accounts to the rightful owners, it did note that the process might take some time.
How Will EA Protect FIFA Player Accounts in the Future?
Following the high-profile breach, EA has put into place several new administrative and security safeguards to protect accounts moving forwards:
- EA advisors will be retrained with “specific emphasis on account security practices and phishing techniques.” The training will emphasize the social engineering and phishing techniques used in the breach.
- Account verification will now entail additional steps, including “mandatory managerial approval for all email change requests.”
- EA will update its customer user experience software to better flag suspicious activity, highlight at-risk accounts, and limit human error in the account management process.
The latter will offer little joy for the FIFA 22 players whose accounts were breached. Some players attempted to contact EA on multiple occasions to advise that their accounts were high-profile and should not have their details changed under any circumstances—yet these requests were apparently ignored.
Why Not Use a Two-Factor Authentication App?
The instant reaction to hearing about an account breach is to question the account owner’s security. Why weren’t they using a two-factor authentication app to protect their account from attack?
In attacks of this nature, the hackers contact EA directly and attempt to convince the support staff that they’re the account owner. Typically, the attacker has researched the account beforehand and is ready with answers to basic account questions, such as answers to secret questions, linked email addresses, phone numbers, dates of birth, and so on.
Once the support staff is convinced, they reset the account’s two-factor authentication, rendering it useless for the original account owner. From there, it’s a walk in the park for the attacker to take control.
How Can You Keep Your FIFA 22 Account Safe?
Despite what you’ve just read about bypassing 2FA, you shouldn’t worry too much about your own account. The top FIFA 22 players are targeted for exactly that reason—their accounts are likely full of FIFA points, rare FIFA Ultimate Team cards, and more. The combination makes them an alluring and high-profile opportunity.
For “regular” players:
- Keeping two-factor authentication enabled on your EA accounts is a must.
- Make sure to use a strong and unique password.
- You could also divert potential attackers by using random or nonsense answers to your security questions.
Finally, remember that EA will never contact you asking for a password or other account information. If you receive an email of that nature, it’s a phishing email trying to steal your login credentials.