EA Sports forced to apologise over FIFA 20 data leak that impacts thousands


The first professional competition of FIFA 20 has been embroiled in a data leak as professional e-sports players signed up.

The newest addition of universally popular football game FIFA has only been out a week, but when players registered themselves for the Global Series, they encountered an online form that already contained information from others who had signed up.

Twitter has been the tool used by YouTubers, pro players, streamers and others to express their fury at Electronic Arts (EA), who make the game, with streamer Kurt0411, stating: "When you click the link register for verification you get other people's personal information!!!!!! WTFF, this is a new low even for this joke of a company."

He followed this tweet up by revealing that he would be "suing" the company.

Professional player JREXX, who is based in the UK, followed suit tweeting that it was "a shambles" with an attached screenshot of texts he received following the incident.

Potential players' names, account IDs, dates of birth, and location were all pre-filled when new users tried to sign up.

Ray Walsh, a digital privacy expert from ProPrivacy.com, said: "If the allegations are true, this could mean that players have been leaked the sensitive details necessary to login to other people's accounts.

"It is unclear at this time whether updating the password for your account will help, but users are advised to do so as a precaution, as well as keeping an eye on any bank accounts that may be linked to their player IDs.

"At the moment, the scale of the data breach is unknown. However, it's like there is the potential for the exposed data to be used for targeted phishing attempts on those affected."

On Thursday afternoon, EA Sports accepted "a potential issue", but revealed the true extent of the problem 12 hours later on Friday morning (BST) by posting to their Twitter page.

"At approximately 1pm UK time, we announced the registration portal page for the EA Sports FIFA 20 Global Series. Shortly after, we learned that some players trying to register were seeing the information of other players who had already signed-up through the registration page.

"We immediately took action to shut down the site by 1:30 pm UK time. We were able to root cause the issue and implement a fix to be clear that information is protected. We're confident that players will not see the same issue going forward."

According to estimates, about 1,600 people were affected by the fault and EA claimed they would be working hard to secure these accounts.

Coincidentally, days before this error, EA had appealed to users to enable 2FA on their accounts which would entitle them to a free month of Origin Access.

"If an organisation decides that a breach doesn't need to be reported they should keep their own record of it, and be able to explain why it wasn't reported if necessary," confirmed an ICO spokesperson.

"If UK citizens are affected by a data breach then the organisation should notify the ICO within 72 hours of becoming aware of it unless it does not pose a risk to people's rights and freedoms."

EA have declined to make any further comment on the issue.

News Now - Sport News