'Very Small' Number Of Active EA Accounts Present In Recent Data Dump

by Mike Futter on Oct 16, 2015 at 10:58 AM

A report has surfaced indicating that personally identifiable information tied to some EA accounts has been made public. The data has been removed from Pastebin, on which it appeared, but not before the exposure allegedly caused problems for some.

The initial report of the breach came from CSO, which says it was contacted by an individual whose email address, password, and game list were present in the dump. According to the story, some of the information present has been tied to other breaches, including the recent Patreon intrusion.

When reached for comment, an EA representative told us that there was no evidence of a breach resulting in the data dump. “Privacy and security is our top priority at EA,” the representative tells us via email. “At this point, we have no indication that this list was obtained through an intrusion of our account databases. In an abundance of caution, we're taking steps to secure any account that has an EA user ID that matches the usernames on this list. As always, we encourage all players to safeguard their account credentials and use unique usernames and passwords on all online accounts.”

Given that there are parallels between the data that appeared in this dump and other breaches, other possibilities exist. It’s not uncommon for people to use the same password on multiple services. Credentials reused in that way would have allowed access to Origin accounts without directly mining data from EA.

What isn’t entirely clear is how the game lists were culled. It’s possible to gather that information from any user's Origin client if others haven’t made their libraries private. Additionally, if the accounts were breached using already exposed information, the lists could have been generated manually.

"The number of actual valid/active accounts in the list was very small," EA told us. This further indicates that the data was second-hand and not directly accessed from EA services.

EA is no stranger to accusations of data breaches. In December 2014, users reported unexpected charges on their Origin accounts. When approached for comment, EA told us that there was no evidence of intrusion at that time either.

Our Take
It’s a good idea to use different passwords for every service. This way, if one happens to suffer an intrusion, the others are protected. Yes, it’s a pain. But dealing with fraudulent charges and changing all your passwords because of one problem is no joy either.