Possible Breach at EA Games; Company Denies Hack
CSO, a security-focused website, announced on Thursday that there may have been a breach at EA Games, the video game manufacturer. CSO stated the breach included EA usernames, passwords, emails and lists of the user’s games.
The website learned of the incident when an apparent victim reported the breach. The gamer received a password reset notification from his Skype account, and then, a few minutes later, he received five password reset requests from Dropbox.
Shortly after these messages, the gamer received an email from an individual who alerts users when personal information is exposed in data dumps on Pastebin. The message came from “urhack.com,” and it contained the gamer’s EA password and a link to the post.
“Once I’d taken a look at the dump it seems linked to my EA account – a full list of my games appears to be there, along with the email address on the account and password,” the gamer told Salted Hash in an interview.
On the Pastebin link, there are email addresses, passwords, dates (which are likely birth dates) and game listings. However, the data is either not complete, or it was not formatted properly when it was downloaded.
While it is possible that the data from Pastebin was pulled from another source, the listing of EA titles, usernames and passwords was enough for CSO to make the report.
EA has denied that there was a breach and insists there is no evidence that usernames and credentials appeared on Pastebin. The company has encouraged its customers to take precautions.
EA’s official statement: “Privacy and security is our top priority at EA. At this point, we have no indication that this list was obtained through an intrusion of our account databases. In an abundance of caution, we’re taking steps to secure any account that has an EA or Origin user ID that matches the usernames on this list. As always, we encourage all players to safeguard their account credentials and use unique usernames and passwords on all online accounts.”