Players signing up for the latest version of FIFA 20 have found themselves becoming potential victims of a data breach due to a major balls-up by gaming giant EA.
The flaw happened when people tried to enter their details into the Global Series Competition of the game only to find that other people’s details were already there.
According to Engadget, the personal data exposed included usernames, email addresses and dates of birth.
Not a “substantial risk”
Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, says the risk is not too much of a worry. He comments: “In light of the disastrous data breaches of 2019, exposing billions of highly-sensitive datasets, this incident is rather of a minor gravity. Quite unlikely cybercriminals had a chance to profit from this regrettable programming mistake. Thus, I’d not speculate about substantial risks for the players.”
“Today, many organizations face ongoing pressure from global competition and have to rapidly release new products. Often, it is done in disregard of requisite security and privacy precautions putting their clients and other stakeholders at risk. Global cybersecurity skills shortage considerably exacerbates the problem. This incident is a sad reminder that any web or mobile application shall be properly tested prior to deployment into production,” Kolochenko added.
EA have since acknowledged the problem and said on Twitter, “We’re aware of a potential issue affecting the registration page for the EA SPORTS FIFA 20 Global Series that went live earlier today. We take these matters seriously, and we immediately took down the page while we investigate the matter. We’ll share updates as soon as possible.”
The games company now faces a potential €20 million fine if found guilty of negligence under new GDPR rules.
The breach occurred just a few hours after EA celebrated National Cyber Security Month by switching on two-factor authentication that allows a month of free subscription for certain users.