FIFA 20’s first pro competition of the year kicks off with a data leak

Professional players, YouTubers and streamers all hit by the Electronic Arts blunder

Jadon Sancho in FIFA 20

Professional FIFA 20 esports players have been the subject of a data leak after signing up to the first professional competition of the annually released game's life cycle.

The game is less than a week old, but when a number of players registered for the FIFA 20 Global Series, they were met with an online form that was pre-filled with the personal information of players who had already registered.

Advertisement - Article continues below

Pro players, YouTubers, streamers and other registrants took to Twitter to voice their anger at Electronic Arts, the company behind the game.

Prominent Twitch streamer Kurt0411 blasted the company in a particularly emotive reaction, seen by his 61.8k Twitter followers, later following up by claiming he would sue the company for its wrongdoing.

The official online form provided by EA Sports which players were met with can be seen in the screenshot below. Players' names, dates of birth, account IDs and location could be viewed by the user, all pre-filled in the form's data fields.

UK-based professional player JREXX tweeted a screenshot of the myriad two-factor authentication (2FA) texts he received following the incident, adding that he thought it was "a shambles".

"If the allegations are true, this could mean that players have been leaked the sensitive details necessary to login to other people's accounts," said Ray Walsh, digital privacy expert at ProPrivacy.com. "At the moment the scale of the data breach is unknown. However, it's like there is the potential for the exposed data to be used for targeted phishing attempts on those affected."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"It is unclear at this time whether updating the password for your account will help, but users are advised to do so as a precaution, as well as keeping an eye on any bank accounts that may be linked to their player IDs."

EA Sports initially acknowledged "a potential issue" on Thursday afternoon but twelve hours later the company released a more extensive admission of fault, in the early hours of Friday morning (BST).

"At approximately 1 pm UK time, we announced the registration portal page for the EA Sports FIFA 20 Global Series. Shortly after, we learned that some players trying to register were seeing the information of other players who had already signed-up through the registration page, the company said in a statement posted to Twitter.

"We immediately took action to shut down the site by 1:30 pm UK time. We were able to root cause the issue and implement a fix to be clear that information is protected. We're confident that players will not see the same issue going forward."

Advertisement - Article continues below

The company said it determined around 1,600 of registrants were affected by the issue and it was working hard to contact them to secure their accounts.

Somewhat ironically, the incident took place just days after the company enticed its user base to enable 2FA on their accounts, doing so would see them rewarded with a free month of Origin Access.

"If UK citizens are affected by a data breach then the organisation should notify the ICO within 72 hours of becoming aware of it unless it does not pose a risk to people's rights and freedoms," said an ICO spokesperson. "If an organisation decides that a breach doesn't need to be reported they should keep their own record of it, and be able to explain why it wasn't reported if necessary."

IT Pro has contacted EA for further comment and but it declined to provide any.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/business/policy-legislation/356215/senators-propose-a-bill-aimed-at-ending-warrant-proof-encryption
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Visit/business-strategy/careers-training/356422/ibm-job-ad-calls-for-12-year-experience-with-6-year-old
Careers & training

IBM job ad calls for 12-years of experience with six-year-old Kubernetes

13 Jul 2020
Visit/business/business-operations/356395/nvidia-overtakes-intel-as-most-valuable-us-chipmaker
Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020
Visit/security/cyber-attacks/356417/trump-confirms-cyber-attacks-on-russia-election-trolls
cyber attacks

Trump confirms US cyber attack on Russia election trolls

13 Jul 2020