It would seem that as every day that passes, we learn about another hack that obtained people’s personal information and was released into the wild. On Thursday, it was learned that come confidential consumer information belonging to members of Electronic Arts’ Orgin service was released online.
CSO is reporting that information about the data dump came after someone was receiving various password reset notifications for some of his accounts. Not only that, a list of all his EA games were available on a Pastebin upload that contained emails and passwords from not only said gamer but thousands of others.
The upload, which has since been removed, contained hundreds of accounts beginning with letters A through F. EA titles from Mass Effect through Star Wars Battlefront were listed with some of the profiles released on the dump.
Sam Houston, a former community manager for Origin now working with Bugcrowd, suggested that the data dump is the result of an intentional hack into EA’s databases. “Gamers are often targeted with attacks,” he said in a statement, “and with EA’s accounts tied into all of their games and their Origin e-commerce site, a gamer’s EA account can be very valuable.
“Gaining access to an EA account would enable a hacker to play any of their PC games purchased through Origin, and could potentially be used to play on a gamer’s account on a game connected via the EA account system. Those accounts are valuable not only for financial gain, but also for harassing or impersonating users.”
John Reseburg, EA’s senior director of corporate communications, denied Houston’s claims in an email to Polygon. “At this point, we have no indication that this list was obtained through an intrusion of our account databases,” according to the statement.
“In an abundance of caution, we’re taking steps to secure any account that has an EA or Origin user ID that matches the usernames on this list. As always, we encourage all players to safeguard their account credentials and use unique usernames and passwords on all online accounts.”
If there was not a data breach, then how did the information get out there. EA would not be the first company to downplay a breach if there was one. However, they did not rule it out of the realm of possibility in their statement, just that it seems that it is too early to tell. We will update you when more information becomes available.