It has been reported that Electronic Arts have come under fire for accidentally leaking the personal information of thousands of FIFA players, pros and streamers. This comes just a couple of days after the gaming giant announced that all users who enable Login Verification (EA’s internal name for two-factor authentication) for their accounts would get free access to Origin Access for a month.
EA website leaks personal details of FIFA players. https://t.co/nTt4t3BpYs pic.twitter.com/UeiAeWCmeI — Kotaku (@Kotaku), October 3, 2019
In light of the disastrous data breaches of 2019, exposing billions of highly-sensitive datasets, this incident is of rather minor gravity. It is quite unlikely that cybercriminals had a chance to profit from this regrettable programming mistake. Thus, I’d not speculate about substantial risks for the players.
Today, many organizations face ongoing pressure from global competition and have to rapidly release new products. Often, it is done in disregard of requisite security and privacy precautions, putting their clients and other stakeholders at risk. The global cybersecurity skills shortage considerably exacerbates the problem. This incident is a sad reminder that any web or mobile application shall be properly tested prior to deployment into production.
There are many ways to breach data within huge companies, including Electronic Arts, and this case is a reminder that we need to protect our personal data ourselves as much as we can.
Many sites and games don’t always require your actual personal information. It is worth using a throwaway or a secondary email that doesn’t include your name. Furthermore, you could always slightly change your birth date just in case the data gets compromised and falls into the wrong hands. If you find it hard to then remember which sites have what information, password managers can store all this information safely and securely.
We must take care of our data where we can, as it can be used by criminals in ways we may not usually think of, such as identity theft.
The gaming industry has been hit hard by bad actors who are constantly trying to engineer new ways of bypassing security measures. We expect more online companies to follow this lead and offer a bonus to customers to implement greater security measures even though it might prove less convenient. At the same time, companies will need to clearly communicate to the consumer why the additional steps are needed for their protection.
Two-factor authentication offers stronger security than the classic one-factor authentication. To avoid sophisticated attacks, two-factor authentication can be combined with other security layers such as passive biometrics and behavioural analytics, so that if one layer fails, another layer of security takes over, protecting the customers’ accounts even if the credentials have been stolen via phishing.
While two-factor authentication capabilities can help verify the user, behavioural analytics and passive biometrics allow you to learn and trust the user’s behaviour both in and across the session. This way you put the trust on the human instead of the device. With passive biometrics, customers are identified by their behaviour online and not by static data such as passwords or one-time codes. This inherent behaviour cannot be duplicated by hackers, even if they use correct static data, devaluing stolen credentials and protecting the customer account.