The gaming industry remains an attractive target for cybercriminals, thanks to the substantial gains available both from large-scale attacks aimed at users and from attacks on high-profile targets, including manufacturers, developers, and e-sports players.
A few days ago the American giant Electronic Arts (EA), internationally known for the EA Mythic, EA Sports, EA Sports Big, EA Bright Light and The Sims brands and many other successful titles, confirmed that it had suffered an attack in which about 750 Gb of data was stolen (on Reddit, someone joked about the small amount of data, comparing it to a COD update or a Battlefield 2042 map). In its statement to BleepingComputer, EA promptly ruled out both a ransomware attack and any significant impact on the company’s core business. In fact, the talk is of the theft of a limited amount of code and related tools and, to date, no compromise of users’ personal data.
But according to the cybercriminals’ announcements and posts, the event seems much more serious in terms of the quality than the quantity of the data stolen. Apparently, with the loot "You have full capability of exploiting on all EA services", which is why the data package was offered through ads on underground forums for 28 million dollars.
While the investigation of the breach is still ongoing, what precautions should EA users take to best guard against the most common risks arising from this kind of event? Two countermeasures are certainly needed: change your password and, above all, pay attention to EA-"themed" communications arriving at the contacts registered with the game account, so as not to fall easy victim to phishing campaigns. As I have often said, lack of attention and lack of awareness are the very factors on which the success of an online fraud depends, so prevention is always better. Following this logic, if you entered your phone number during registration, you should assume that you may be exposed to smishing attacks. All this, obviously, on the hypothesis that the event (pending the outcome of investigations and analysis) allowed the cybercriminals to exfiltrate such contact data. But a prudent approach is always recommended. Of course, the situation lives up to EA’s slogan: "Challenge Everything".