The year 2022 hasn’t gotten off to the greatest of starts for EA, and for FUT players especially. Over the last week or so, multiple FUT accounts belonging to high-profile players have been hacked and emptied of all valuable items and currency. These attacks come amid already increasing concerns about EA’s data privacy practices.
The hackers in question are targeting the highest-value FUT squads and accounts, with popular FIFA influencers such as FUTDonkey, Bateson87, Nick RunTheFUTMarket and others falling victim to this operation. The hackers used the same method to gain access to each of the players’ accounts, in a severe breach of sensitive information.
To gather the initial information, the hackers search for these FIFA personalities on the leaderboards and note down their gamer tags, as their targets seem to be only the top-rated FUT accounts in FIFA 22. The hackers are then said to have contacted EA Support, posing as players locked out of their accounts, and persistently tried to obtain data regarding that player’s email account and other passwords.
Hacked :/
— Nick (@NickRTFM) January 6, 2022
Goodnight
The hackers have then proceeded to empty the accounts of the club players, coins, and any other valuable items. The attack was largely possible due to a glaring loophole in EA’s support contact service. EA’s Live Chat feature does not require a registration and a user can simply provide their basic info to seek help.
The miscreants seem to have exploited this system by providing the gamer tags/PSN IDs of the FUT players in question, convincing EA support staff that they had indeed been locked out and eventually securing the email addresses. Normally this wouldn’t occur, as there are procedures in place to confirm a player’s identity, but it looks like the hackers knew how to bypass the security check.
People spam the livechat asking to change my account details until some incompetent advisor finally gave them the account pic.twitter.com/jqOoKKcv6s
— FUT Donkey (@FUTDonkey) January 5, 2022
The evidence can be seen in the tweets shared by the affected FUT players, in the form of screenshots of their email inboxes. FUTDonkey shared the screenshot displayed above, showing how the hackers spam the live chat until one advisor seemingly hands over access to the account.
The hackers have used the same protocol for all users and there seems to be no response from EA in that regard. “I told EA live chat two times to add notes to my account to put that my account was being targeted by hackers and to not change any details, and they still did it” FUTDonkey is quoted to have said along with a series of tweets. “Nothing more I could have done and tbh I shouldn’t have to do anything. It is basic security, disgusting stuff.”
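The two failures described above (repeated live-chat attempts until one advisor gives in, and an account note that was not honored) can be checked mechanically. The following is an added example, not part of the original article and not EA's tooling; the log fields, thresholds, request names and sample records are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample support-chat log (not real data):
# (time, claimed gamer tag, session logged in?, request, advisor outcome)
CHATS = [
    ("2022-01-05T10:02", "TraderA", False, "change_email", "refused"),
    ("2022-01-05T10:09", "TraderA", False, "change_email", "refused"),
    ("2022-01-05T10:15", "TraderB", True,  "billing",      "resolved"),
    ("2022-01-05T10:21", "TraderA", False, "reveal_email", "refused"),
    ("2022-01-05T10:40", "TraderA", False, "change_email", "granted"),
    ("2022-01-05T18:30", "TraderC", False, "change_email", "refused"),
]
SENSITIVE = {"change_email", "reveal_email", "reset_password"}

def targeted_accounts(chats, window=timedelta(hours=1), threshold=3):
    """Return {account: time} at which the account first saw `threshold`
    unauthenticated sensitive requests inside a sliding `window`."""
    recent, flagged = defaultdict(deque), {}
    for ts, account, logged_in, request, _ in sorted(chats):
        if logged_in or request not in SENSITIVE:
            continue
        t = datetime.fromisoformat(ts)
        q = recent[account]
        q.append(t)
        while t - q[0] > window:   # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold and account not in flagged:
            flagged[account] = t
    return flagged

def gate(chat, holds):
    """Policy check applied before an advisor can act. The result depends
    only on the session and the hold list, never on how often it is retried."""
    _, account, logged_in, request, _ = chat
    if request not in SENSITIVE:
        return "allow"
    if account in holds or not logged_in:
        return "deny"
    return "allow"

def granted_despite_gate(chats, holds):
    """Audit: sensitive requests an advisor granted that the gate denies."""
    return [c for c in chats if c[4] == "granted" and gate(c, holds) == "deny"]
```

On the sample log, the account is flagged 19 minutes before the request that an advisor finally grants, and the audit surfaces that grant.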
Not just that, the scammers have also done some additional handiwork and used the exposed email addresses to sign up for additional services, as shown by FUTDonkey in another tweet:
EA leaked my email address to some random guy with no verification or anything, he then used it to sign up to loads of random sites like IMDB, Quora, Pornhub etc. These guys are breaking GDPR laws and they don't care lol pic.twitter.com/4WVHu7Zc2Z
— FUT Donkey (@FUTDonkey) January 2, 2022
It is not yet known whether the hackers have stopped these attacks or intend to launch a fresh wave against new targets. Multiple news sites have asked EA for a comment but have been met with radio silence from the publisher so far. This saga is far from over, with nearly 100,000 USD already stolen collectively from the popular FUT traders and streamers, as shown in the following tweet:
If the direct coin to dollar metric is flawed, then instead let's consider the amount of FP needed to be spent in order to attain the amount of coins hacked above. Keep in mind coins are much cheaper to buy directly than to attain through FIFA points. Only makes the case worse.
— Bobble™ (@BobbleTrading) January 6, 2022
Stay tuned as we report any progress on this issue on Twitter!
EA Responds
EA officials have acknowledged the hack attack and released the following statement:
“We’ve been made aware of recent account takeover attempts and are currently investigating. More information on how to secure your account, including how to enable two-factor authentication, can be found here: https://help.ea.com/en/help/account/how-to-maintain-account-security/ .” an EA Sports spokesperson told Mirror Football.
The response looks like a generic PR statement, and it didn’t go down well with the affected players and community.
Just woke up, the statement by EA is an absolute disgrace. Every single one of us T100 traders/content creators who got hacked had 2FA on, stop trying to gaslight us. Clearly they think they’re above the law or simply don’t care.
— FUT Donkey (@FUTDonkey) January 7, 2022
More updates will follow!