Cyber Incident Victim: Electronic Arts Inc.
Date:
Oct 2015
Location:
United States of America
Summary
A Pastebin post exposed Electronic Arts customer data including email addresses, plaintext passwords, game libraries, and possible birthdates, impacting hundreds of accounts primarily with Gmail addresses. While EA stated no evidence indicated a breach of their systems, the company initiated protective measures for affected Origin accounts matching the leaked credentials. The data's origin remained unclear, with some records linked to prior third-party breaches like Adobe and Patreon, though many appeared newly exposed. The incident raised concerns over potential account misuse for unauthorized game access, impersonation, or harassment, particularly given historical targeting of the gaming community. Previous user reports of suspicious Origin account activity had been investigated without confirmed compromise findings.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 15, 2015, a Pastebin post surfaced containing Electronic Arts (EA) customer account details, triggering concerns about a potential breach. A gamer received password reset notifications for his Skype and Dropbox accounts, followed by an email from "urhack.com" containing his plaintext EA password and a link to the Pastebin data. The exposed records included email addresses, passwords, dates resembling birthdays, and comprehensive lists of purchased games such as Battlefield, The Sims, FIFA, and STAR WARS Battlefront. Approximately 600 accounts appeared in the dump, though only those with Gmail addresses beginning with letters A-F were fully visible, while other fields displayed redacted question marks or formatting errors. The gamer confirmed the data matched his EA account credentials and game library, prompting him to alert EA. Analysis revealed some affected email addresses had previously been compromised in breaches at Adobe, Patreon, and the Bitcoin Security Forum, though many were first exposed in this Pastebin post according to Have I Been Pwned. EA initially provided no official statement but later acknowledged investigating the incident, stating they found "no indication" the data originated from an intrusion into their systems.
EA announced steps to secure any Origin or EA accounts matching the usernames in the Pastebin dump but did not specify whether password resets or other protective measures would be implemented. The company emphasized prioritizing user privacy and encouraged customers to use unique credentials across online accounts. This incident followed December 2014 Reddit user reports of unauthorized Origin account charges, which EA had previously investigated without identifying a breach. Sam Houston, former Origin community manager, noted EA accounts' high value for attackers due to access to purchased games, e-commerce capabilities, and potential harassment opportunities. He also suggested the leak might reflect retaliation against EA, given the company's history of contentious relationships with some gaming communities. The Pastebin data’s incomplete and partially redacted nature left uncertainty about its origin, with possibilities ranging from EA system compromises to aggregation from older third-party breaches. EA’s statement was issued three hours after media outreach, indicating ongoing scrutiny of the incident’s scope and impact.