Data dump points to a breach at Electronic Arts

Account details of some 600 Electronic Arts (EA) customers have apparently been leaked on Pastebin. The company has yet to confirm whether the leak is genuine. “At this point, we have no indication that this list was obtained through an intrusion of our account databases. In an abundance of caution, we’re taking steps to secure any account that has an EA or Origin user ID that matches the usernames on this list,” they stated.

The list contains the customers’ email address and password (the account login credentials), their date of birth and a list of games they played. Other fields in the dumbed database are redacted, but it’s impossible to tell whether that’s on purpose or whether the data was badly formatted when the data was downloaded.

According to CSO’s Steve Ragan, the leak was first spotted by a gamer whose data is included in the dump.

After receiving password reset notification for several of his online accounts, he received an email alert from an individual who makes it his business to notify people whose data was shared online of the danger this represents.

The alert contained his EA password and a link to the data dump on Pastebin. The rest of the data also checked out.

Whether or not EA ultimately confirms that the leak was due to a breach they suffered, they are hopefully resetting the passwords of the compromised accounts, and are notifying affected users. Chances are that some of them have used the same login credentials on other online accounts, so they should be given a heads-up and urged to make a password change on those accounts, too.

“Gamers are often targeted with attacks, and with EA’s accounts tied into all of their games and their Origin e-commerce site, a gamer’s EA account can be very valuable,” noted Sam Houston, former community manager for EA’s official forum Origin and senior community manager at Bugcrowd.

“Gaining access to an EA account would enable a hacker to play any of their PC games purchased through Origin, and could potentially be used to play on a gamer’s account on a game connected via the EA account system. Those accounts are valuable not only for financial gain, but also for harassing or impersonating users.”

“It’s also worth noting that this dump could just be someone targeting EA in response to something. Over the years, EA has been the target of a lot of ire from various gaming groups, so this could be a response to a particular issue that people are upset about,” he added.




Share this