New hacking campaign targets EA Sports’ FIFA 22 players

During the last week, several players of the popular soccer video game FIFA 22 reported that their Electronic Arts online accounts were hacked. The incident would also have affected popular streamers of the video game such as Jamie Bateson (Bateson87), FUT FG, NickRTFM and Trymacs.

Affected users claim that hackers stole coins and players from their FIFA Ultimate Team clubs, a modality that allows users to form their own squad. The incident has even affected some users recognized for trading with these assets belonging to the video game.

Cybersecurity specialists believe that threat actors would have accessed the Gamertags or PlayStation Network IDs of affected players, using this information to contact EA Help posing as legitimate users and requesting a credential reset.

These are tactics typical of the attack known as social engineering, which hackers use to take control of online accounts, access protected resources or inject malware by deceiving an affected user.

Some enthusiasts of the FIFA video game franchise have been claiming for years that it is ridiculously easy to change an email address associated with the game by deceiving the operators of EA Help, because in most cases they do not perform any verification before completing the reset process. The worst thing is that not only the items of the game are at risk; users who suffer from these types of attacks may see their sensitive information compromised, including full names, dates of birth, phone numbers, and other details.

Ea released the following statement: “We are aware of the recent account hijacking attempts and are investigating.” The company recommends users adopt some additional security measures but does not mention whether the accounts can be recovered; In addition, some users believe that EA will only help the most popular streamers, leaving aside the rest of the users.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.