A hacker attack on the FIFA Ultimate Team accounts is underway : this is reported by various newspapers, including Mirror Football and Eurogamer, according to which some of the first 100 streamers of the game were affected ( the latest version dates back to last summer ) and more traders. major including Bateson87 (Jamie Bateson), NickRTFM, Trymacs, TisiSchubecH and FUT FG.
The trick exploited by the hackers is apparently simple: once you have the gamertags or the PSN ID of the players (they can be easily retrieved from the global in-game FIFA rankings, this is why it is mainly the most important players who are affected), they contact the EA Help service saying they have the account blocked, requesting to change the email address associated with the account.
In practice, they exploit a flaw in the support service, because you don’t need to be logged in to start a chat: in other words, you just need to provide a name and an email address. The hacker then informs EA Help of the gamertag or PSN ID to steal , and the game (read: the damage) is done. And to succeed – that is to increase the chances that the assistance provides data – the attackers spam the live chat service with numerous requests, with the hope that some of these will be accepted without the need to double check.
People spam the livechat asking to change my account details until some incompetent advisor finally gave them the account pic.twitter.com/jqOoKKcv6s
— FUT Donkey (@FUTDonkey) January 5, 2022
Trader Fut Donkey posted a screenshot of his email demonstrating spamming in the live chat to request an account change. The more attempts by hackers, the more likely it is that some support person will grant the new data without carrying out further checks.
As specified by Mirror Football, usually the support service carries out a further verification to check that the person requesting the change of the email address is actually the one who is entitled to it, that is, who has access to the account. However, this is not always the case, and the lightness of some members of the support team means that the hackers succeed in their intent. And, once logged in , they are free to empty the in-game accounts and players , as well as access the sensitive (and personal) data of the legitimate account owner.
” We have been notified of recent account takeover attempts and are currently investigating, ” a spokesperson for EA Sports said.
What do you think about FIFA Ultimate Team accounts ? Let us know in the comments.