Company says it will investigate further

Oct 17, 2015 18:41 GMT  ·  By

Electronic Arts (EA) is in damage control mode right now after a Pastebin data dump pointed the finger towards a breach the company may have suffered.

The first to take notice was a gamer (who wanted to remain anonymous), who said that on Thursday he started receiving multiple password reset emails from various online services.

Things took a turn for the worse a few hours later, when he received an email from urhack.com, a Web service that sends mail notifications to people whose data was exposed online in data breaches.

The gamer eventually tracked down the issue to a Pastebin page, where the data of around 600 EA users was being listed.

Only details for users who had their name begin with A to F were shown, meaning there was much data still not made public.

The data contained usernames, emails, passwords, and a list of games for each account.

Electronic Arts says there's no evidence of a hack on its side

Contacted by CSO, EA denied that any hack took place but said it would investigate nonetheless.

"Privacy and security is our top priority at EA.  At this point, we have no indication that this list was obtained through an intrusion of our account databases.  In an abundance of caution, we're taking steps to secure any account that has an EA or Origin user ID that matches the usernames on this list. As always, we encourage all players to safeguard their account credentials and use unique usernames and passwords on all online accounts."

Right now two theories exist. One is that the data is authentic, and someone is trying to shop it around, using the Pastebin document as a sample/proof.

The other is that the data has been scraped from other hacks and put together without being authentic.

Steve Ragan from CSO says that he checked the data against the Have I been pwned? database, and most of it seems to be unique, and not part of any other previous data leak.

UPDATE: The article was amended to reflect the correct content of urhack.com emails.