Please support Game Informer. Print magazine subscriptions are less than $2 per issue
'Very Small' Number Of Active EA Accounts Present In Recent Data Dump
A report has surfaced indicating that personally identifiable information tied to some EA accounts has been made public. The data has been removed from Pastebin, on which it appeared, but not before the exposure allegedly caused problems for some.
The initial report of the breach came from CSO, which says it was contacted by an individual whose email address, password, and game list were present in the dump. According to the story, some of the information present has been tied to other breaches, including the recent Patreon intrusion.
When reached for comment, an EA representative told us that there was no evidence of a breach resulting in the data dump. “Privacy and security is our top priority at EA,” the representative tells us via email. “At this point, we have no indication that this list was obtained through an intrusion of our account databases. In an abundance of caution, we're taking steps to secure any account that has an EA user ID that matches the usernames on this list. As always, we encourage all players to safeguard their account credentials and use unique usernames and passwords on all online accounts.”
Given that there are parallels between the data that appeared in this dump and other breaches, other possibilities exist. It’s not uncommon for some to use the same password on multiple services. Doing so would have allowed access to Origin accounts without directly mining data from EA.
What isn’t entirely clear is how the game lists were culled. It’s possible to gather that information from any user's Origin client if others haven’t made their libraries private. Additionally, if the accounts were breached using already exposed information, the lists could have been generated manually.
"The number of actual valid/active accounts in the list was very small," EA told us. This further indicates that the data was second-hand and not directly accessed from EA services.
EA is no stranger to accusations of data breach. In December 2014, users reported unexpected charges on their Origin accounts. When approached for comment, EA told us that there was no evidence of intrusion at that time either.
Our Take
It’s a good idea to use different passwords for every service. This way, if one happens to suffer an intrusion, the others are protected. Yes, it’s a pain. But dealing with fraudulent charges and changing all your passwords because of one problem is no joy either.
I’d like to ask you to support Game Informer’s continued coverage of games with a subscription. For less than two dollars per issue, we mail you a full year of 10 print magazines, each with cover stories and preview features filled with exclusive details about the most exciting upcoming games. We profile and interview game creators. We look back on the rich history of gaming, and we celebrate what’s next.
Here on the website, we offer much of our content for free, including game reviews, daily news, videos, event coverage, and more – all with minimal ads.
We do so with a small editorial team, alongside contributing paid writers from around the world – over 65 individuals from 9 countries around the world, just in the last couple of years.
It’s not possible without support.
In a time when game makers and games coverage have faced hard struggles and layoffs, the future of this 30+ year magazine and community is at risk. Our new standalone magazine subscription is the number one way you can keep us alive – and we believe you’ll get a pretty fantastic gaming magazine in your mailbox every few weeks for your trouble.
Thank you.
