Email addresses, usernames, and dates of birth of 1,600 players who registered for gaming giant EA's FIFA 20 Global Series were visible to others who visited the registration page soon after it was launched.
The leak of personally identifiable data of registered EA Sports FIFA 20 Global Series players was noticed by a number of people who visited EA's registration page to sign up themselves. These people subsequently took to social media platforms to highlight the personal data breach occurring through EA's FIFA 20 Global Series registration page.
Reacting to the concerns aired on social media, EA took down the page within 30 minutes of its launch to investigate the cause of the breach. The company later announced on Twitter that the error that led to the data exposure had been fixed and that registrations for the FIFA 20 Global Series would re-open in the coming days.
Flaw in EA website exposed 1,600 users' personal data
The company also admitted that the data exposure, which lasted thirty minutes, affected approximately 1,600 registered players and that the company is now taking steps to protect their EA accounts.
"At approximately 1PM UK Time, we announced the registration portal page for the EA SPORTS FIFA 20 Global Series. Shortly after, we learned that some players trying to register were seeing the information of other players who had already signed-up through the registration page.
"We immediately took action to shut down the site by 1:30pm UK Time. We were able to root cause the issue and implemented a fix to be clear that information is protected. We're confident that players will not see the same issue going forward," EA said.
"We've determined that approximately 1600 players were potentially affected by the issue, and we are taking steps to contact those competitors with more details and protect their EA accounts. Players' privacy and security are of the utmost importance to us, and we deeply apologize that our players encountered the issue today," it added.
EA offering premium content access to users adopting two-factor authentication
News of the breach arrived shortly after EA announced special benefits for users who enable Login Verification in their accounts. Login Verification uses two-factor authentication for players to access their accounts and makes it difficult for hackers to hijack accounts even if they possess players' personal data.
EA players who turn on Login Verification in their accounts on or before 31st October will enjoy a month of free access to Origin Access Basic. Existing Origin Access Basic and Origin Access Premier members will not be charged in November if they turn on Login Verification, and those players who have already enabled the feature will enjoy a free month of Origin Access as well.
"Two-factor authentication offers stronger security than the classic one-factor authentication. To avoid sophisticated attacks, two-factor authentication can be combined with other security layers such as passive biometrics and behavioural analytics, so that if one layer fails, another layer of security takes over, protecting the customers' accounts even if the credentials have been stolen via phishing," says Rosemary O'Neill, director - customer delivery, at NuData Security.
"While two-factor authentication capabilities can help verify the user, behavioural analytics and passive biometrics allow you to learn and trust the user’s behaviour both in and across the session. This way you put the trust on the human instead of the device.
"With passive biometrics, customers are identified by their behaviour online and not by static data such as passwords or one-time codes. This inherent behaviour cannot be duplicated by hackers, even if they use correct static data, devaluing stolen credentials and protecting the customer account," she adds.