Electronic Arts (EA) has denied that it was breached after the personal information of hundreds of its users appeared online.
The industry speculated that EA may have been attacked when the account details of 600 EA customers showned up on Pastebin, a website for storing text online, often used by web developers to share source code and also often used by hackers and groups like Anonymous.
According to CSOonline, a security news website, last week a gamer received a password reset notification from an old Skype account, quickly followed by similar password reset notifications from other accounts. The gamer soon got an email from someone who found their account details on the Pastebin dump.
By getting into a user's account, the attacker can make purchases using their Origin account, play any of the games that the original user had bought with the Origin account or post under the guise of the hacked user. Origin uses saved payment information, making defrauding users easy once the attacker gains access to the account. The list of leaked account information isn't complete although there are passwords and email addresses for each one of them.
"We found no indication at this point of a breach of our Origin account database," the company said in a statement to trade press. They did add, however, that “we encourage our players to use Origin user ID and passwords that are unique to their account”, and to report any unexpected activity on their account to EA. EA also said that it is now taking steps to secure its' users accounts but did not give any details as to how they would carry that out.
If EA wasn't breached then the information may have been taken in composite and collated from other sources. An EA spokesperson told SCMagazineUK.com that these kinds of leaks usually happen through phishing attacks on users or brute force attacks, which is why EA recommends unique passwords for users.
Some of the addresses on the dump have been involved in other breaches,like the Bitcoin Security Forum's Gmail dump.
Sam Houston, a former community manager spoke to net-security, a cyber-security news outlet, and said that "Gamers are often targeted with attacks, and with EA's accounts tied into all of their games and their Origin e-commerce site, a gamer's EA account can be very valuable."
Houston added that this dump could be a calculated act of revenge against EA: “Over the years, EA has been the target of a lot of ire from various gaming groups, so this could be a response to a particular issue that people are upset about."
This is not the first time EA's security has been called into question. At the end of last year, users found that games were being purchased on their origin accounts without their knowledge and many called EA out for their poor security practices. the company responded to these claims with a familiar line: “We found no indication at this point of a breach of our Origin account database.” In an unconnected case earlier in the year, EA admitted that 40,000 users may have had their account information hacked after a whistleblower came forward.