Players have experienced many blunders during the FIFA 22 Ultimate Team season so far, such as EA releasing misleading information, wrong cards, or revealing squads earlier than intended.
Something that was a lot more than a simple blunder was the recent hacking of multiple accounts, which cost gamers not just in-game items and money, but real financial value too.
EA has since issued a statement setting out the changes it intends to make to ensure this doesn't happen again.
What happened?
Over the past few weeks, quite a few high-profile FUT traders have reported that their Ultimate Team accounts have been hacked, with them logging on to find all their coins spent, players sold, and FIFA points drained.
FUT Donkey even claimed he will take legal action due to a breach of data protection laws.
What is worrying is that hackers seemed to get into other users' accounts with ease.
Authentication system not fit for purpose
Hackers were able to infiltrate accounts by gaining information online, then effectively blagging their way through EA's authentication system.
As EA said in their statement:
individuals acting maliciously were able to exploit human error within our customer experience team and bypass two-factor authentication to gain access to other player accounts
Human error is of course understandable, but the fact that this repeatedly happened shows there could be more to the case than first thought.
It also doesn't change the fact that many players have had their FUT clubs scrapped, and we wait to see the action EA will take in possibly restoring accounts.
Questions raised
Another line from EA's statement has also become a talking point on social media:
At this time, we estimate that less than 50 accounts have been taken over using this method.
Many people are questioning the claim that "less than 50 accounts" were hacked. However, EA's own investigation into the matter is ongoing, so they may discover the number to be greater.
Salvaging sides
At the time, some players - including FUT Donkey - decided to delete their clubs when they noticed suspicious activity, in the hope that EA could then restore them.
Although deleting the club didn't stop the hackers from taking the coins, the club was restored, and it looks like EA will be working to do this for all accounts affected.
Part of the statement read:
We are currently working to identify rightful account owners to restore access to their accounts, and the content within, and players affected should expect a response from our team shortly.
Re-training the team
As mentioned, this wouldn't have happened if it weren't for human error, and EA is making several changes to make sure it doesn't happen again.
There is always a human factor to account security and we know we must do better. As a result of these incidents and our investigation, we have taken the following actions to increase the administrative and technical safeguards for EA Accounts:
- All EA Advisors and individuals who assist with service of EA Accounts are receiving individualized re-training and additional team training, with a specific emphasis on account security practices and the phishing techniques used in this particular instance.
- We are implementing additional steps to the account ownership verification process, such as mandatory managerial approval for all email change requests.
- Our customer experience software will be updated to better identify suspicious activity, flag at-risk accounts, and further limit the potential for human error in the account update process.
The re-training of staff and the requirement for managerial approval should cut down on human error, while the software update adds a technological safeguard to spot suspicious activity that might otherwise go unnoticed.
We wait to see what EA's next step will be, but for now, they are moving in the right direction after a serious incident for some of the game's biggest investors.