According to Electronic Arts, scammers using phishing, social engineering and threats were able to force the company's technical support to take the steps they needed to bypass two-factor authentication and gain access to the top user accounts of the game FIFA 22. Currently, Electronic Arts is trying to return 50 accounts stolen during this incident. The company acknowledged that this violation in its system was due to human error of the employees of the customer service team.
The attackers acted both via chat and flooded technical support with requests in which they, on behalf of the legitimate account owners, announced that they had changed the email addresses linked to their accounts. The scammers pressed that their account had been compromised and that they urgently needed to change their e-mail data to a new one.
In total, scammers tried to gain access to 100 accounts by massively overwhelming technical support with their requests and chatting. Most of the requests were denied. But the attackers did not stop their attacks until one of the technical support staff, in violation of the administrative and technical security regulations, which prohibited changes to EA user accounts without additional verification, succumbed to the persuasion of the attackers and corrected the email addresses in the settings of 50 accounts to others. sent to him by the attackers.
Electronic Arts is currently investigating the incident. The company banned such actions for technical support employees without confirmation from the management of their team that the request for changing credentials was legitimate and really came from the rightful owner.
In the summer of 2021, Electronic Arts was also hit by social engineering hackers. Then the attackers spent $ 10 and used social engineering to get inside the perimeter of the Electronic Arts network and download the source codes for FIFA 21 and the Frostbite engine.
The hackers said that they bought stolen cookies of real EA employees on the darknet for $ 10. They extracted the developer's credentials from them and were able to log into EA's corporate chat in the Slack messenger using them. Since February 2020, the attackers have had a list with the names of all EA internal channels in Slack. It was accidentally left by a former employee of the company in the repository on GitHub. After gaining access to EA's Slack chats, the hackers turned there, allegedly with a request from a real employee to the EA IT service and literally begged for tokens from the technical support for authentication in the corporate network of the company. “We sent a message to the IT support staff and explained to them that we had lost the phone at a party the night before,” explained one of the hackers. EA technical support issued hackers multi-factor authentication tokens, which the attackers successfully used at least twice.
Following this incident, Electronic Arts said it had taken the necessary steps to prevent similar events from happening again.