Latest FIFA 20 Data Breach Shows EA Doesn’t Care About Your Privacy

Journalist:
Thomas Bardwell @TomBWrites
October 4, 2019

FIFA 20’s troubles aren’t set to subside any time soon. A data breach on the FIFA 20 Global Series registration page meant that the confidential information of an unknown number of players was free for others to see for multiple hours.

Player Data Breach

Yesterday, EA opened up registrations for its latest eSports venture, FIFA 20 Global Series, this year’s iteration of a season-long series of competitive events leading to the FIFA eWorld Cup.

Shortly afterward, players began reporting that they could access the details of other players who had already signed-up upon clicking the verification link sent to them after registering. The data included email addresses, gamer tags, country of residence, and date of birth.

Users took to Twitter to voice their concern;

Source: Twitter
Source: Twitter

EA responded over four hours later with a tweet warning of a ‘potential issue.’ EA took down the registration page for the FIFA 20 Global Series soon after.

Source: Twitter

However, the damage was already done. Twitter users reported desperately failing to regain ownership of their accounts via EA’s two-factor-authorization system, and receiving unsolicited verification codes.

Source: Twitter
Source: Twitter

EA Responds

Earlier today, EA released a cookie-cutter statement on the breach, confirming the site had been shut down within 30 minutes of registration going live. The publisher explained it has found the cause of the data breach and implemented a fix to ensure the protection of personal data moving forward.

EA estimates the breach affected 1600 FIFA 20 players. The company says;

We are taking steps to contact those competitors with more details and protect their EA accounts.

The statement continues;

Player privacy and security are of the utmost importance to us, and we deeply apologize that our players encountered this issue today.

Going by yesterday’s breach, this clearly isn’t the case, and EA seemingly has little to no regard for confidential player data.

Registrations for the FIFA 20 Global Series will go live once again in the coming days. After the breach, enthusiasm for the event has likely waned in the interim.

Source: Twitter

One Twitter user pointed out that beyond opening up affected players to all manner of problems, as well as raising questions about what measures EA takes to protect user privacy, the company could be in for some trouble for breaching GDPR data protection laws. The gaming giant may have a hefty fine to settle.

This article was edited by Samburaj Das.

Last modified (UTC): October 4, 2019 13:42

Tags: EAFIFA 20
Thomas Bardwell @TomBWrites

Thomas is a UK-based video game writer with an unhealthy obsession for everything weird and wonderful about the world of gaming. Contact: tbardwellfreelance[at]gmail[dot]com or Twitter at @TomBWrites