Cyber Incident Victim: W2S Organization

Date: Sep 2015

Location: United Kingdom

Summary

Cyber-thieves targeted top YouTube FIFA gamers, stealing millions of in-game coins and deleting high-value virtual players by compromising their Origin accounts through social engineering tactics. The attackers allegedly impersonated victims to convince EA Sports to transfer account control, focusing on prominent leaderboard players with valuable Ultimate Team Clubs. Multiple high-profile victims reported compromised accounts, including loss of assets like a player worth approximately £800 in real-world currency. EA responded by assisting account recovery, implementing additional security measures, and reinforcing authentication protocols for affected users.

Description

In October 2015, cyber attackers targeted at least six prominent FIFA video game content creators on YouTube, along with other high-ranking players not involved in video production. Over a two-week period, the attackers socially engineered EA Sports customer support to transfer control of victims’ Origin accounts—EA’s mandatory online gaming platform—to email addresses controlled by the hackers. Upon gaining access, the thieves systematically deleted valuable in-game assets, including rare player cards like Ronaldo, which had an estimated real-world value of £800 (3.4 million FIFA coins). Matthew Craig (matthdgamer), one of the confirmed victims, reported the destruction of his virtual team, while content creator Nick28T documented in a video how impersonators bypassed EA’s verification to seize his account. The attackers allegedly identified targets through FIFA Ultimate Team leaderboards, focusing on accounts with the most valuable inventories.

EA Sports responded by assisting affected players in recovering their accounts, implementing additional security measures such as multi-factor authentication, and conducting internal reviews of their account transfer protocols. Craig confirmed EA restored his access within days, applied four to five new security layers, and issued a personal apology. The company publicly advised all FIFA players to enable authentication safeguards referenced on its support sites, though it did not disclose specifics about procedural changes. The incident highlighted vulnerabilities in EA’s customer verification systems, with stolen assets collectively valued in the tens of thousands of pounds based on FIFA coin exchange rates. No legal actions or attacker identities were disclosed by EA or the victims at the time of reporting.
