When a major game publisher discloses a security incident, two things happen at once: the vendor investigates the incident, and attackers start using the news as cover for scams against players. Your goal is to keep the second part from becoming your problem.
Safety note: Real support will not ask for your password, backup codes, or one-time verification codes. Treat any urgent "verify your EA account" message as hostile until proven otherwise.
Immediate steps (protect your accounts even if you were not directly affected)
- Stop password reuse: change your EA password to a new, unique password. If you reused that password anywhere else, rotate those accounts too.
- Turn on strong login protection: enable 2FA or equivalent login verification on your EA account and on the email inbox tied to it.
- Harden linked platforms: enable 2FA on PlayStation Network, Xbox/Microsoft, Steam, Nintendo, and any other account linked to EA.
- Check financial exposure: review recent purchases and saved payment methods. Dispute unauthorized charges through the platform where the purchase occurred.
- Do not click "account verification" links from social media DMs or email. Navigate to EA sign-in pages directly.
If you want a quick refresher on why reuse is dangerous after breach news, see credential stuffing.
What EA said about the 2021 incident
In June 2021, attackers claimed they accessed internal EA data. EA published a statement describing what it understood at the time and what it did not see evidence of. Use the primary statement as your reference point, not screenshots circulating on social media.
Even when an incident is primarily about internal tools or code, players can still be targeted. Scammers use believable pretexts like "your account is part of the incident" or "you must re-verify ownership" to steal logins.
How EA player accounts usually get compromised
Most account takeovers are not the result of deep intrusion into a vendor's infrastructure. They are operational attacks against users:
- Phishing: fake login pages, fake support chats, or "ban appeal" lures that capture credentials.
- Password reuse: old breaches from unrelated sites become logins for EA and linked platforms.
- Session theft: malware steals browser sessions and cookies, bypassing passwords.
- Weak recovery: if your email inbox is compromised, the attacker can reset everything else.
If you suspect malware or a stolen session, treat it as a device problem as well as an account problem. Start containment with "Been hacked? What to do first."
EA account hardening that actually changes outcomes
Security controls should be chosen based on the way takeovers happen. The checklist below prioritizes controls that stop the most common failure modes.
| Control | What to do | Stops |
|---|---|---|
| Unique password | Create a password that exists only for EA | Credential stuffing from unrelated breaches |
| Login verification | Enable EA's login verification / 2FA options | Single-factor takeovers |
| Email inbox security | Enable 2FA, review forwarding rules and recovery methods | Password reset hijacking |
| Linked accounts review | Remove unknown connections and secure each platform | Backdoor access through a weaker linked account |
| Payment hygiene | Remove saved payment methods if you do not need them | Fast unauthorized purchases |
Account settings and labels can vary by region and device, but the stable path is: manage your EA account directly through the official account portal, and enable the strongest login verification options you are offered.
Scam patterns that spike after breach news
After a public incident, attackers target players who are anxious and searching for answers. These patterns are common:
Fake support escalation
You receive a message claiming to be EA support (often from a social account with a similar name) offering to "restore access" if you share a code or confirm login details. The objective is to capture your credentials or one-time codes.
Verification or compensation bait
Emails or DMs promise compensation, free coins, or a security check. The link leads to a lookalike sign-in page designed to harvest your password.
Account ban pressure
Messages claim your account is suspended due to the incident and you must appeal immediately. Pressure is used to bypass your skepticism.
If you are evaluating a message under time pressure, use the guide on how to identify scam emails, and navigate to official domains manually instead of clicking.
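The patterns above rely on links that look right at a glance. The following check is an added illustration, not code from EA or from the original page: it shows why a strict host comparison rejects lookalike links. Treating `ea.com` as the only allowlisted domain is an assumption, and the sample links are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the page lists no domains; ea.com is the only allowlisted
# registrable domain in this sketch. Extend the tuple for your own use.
OFFICIAL_DOMAINS = ("ea.com",)


def check_link(url, official=OFFICIAL_DOMAINS):
    """Return (is_official, reason) for a link taken from an email or DM."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https" or not host:
        return False, "not an https link with a host"
    if parts.username is not None:
        # In https://ea.com@other.example/ the real host is other.example.
        return False, "userinfo before '@' hides the real host"
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        return False, "punycode label, possible homoglyph lookalike"
    for domain in official:
        if host == domain or host.endswith("." + domain):
            return True, "host is " + domain + " or a subdomain of it"
    for domain in official:
        brand = domain.split(".")[0]
        # The brand appears in the host, but not as the registrable domain.
        if domain in host or brand in host.replace("-", ".").split("."):
            return False, "uses the brand name but is not under " + domain
    return False, "unrelated host"


# Constructed sample links; every non-EA host uses the reserved .example TLD.
SAMPLES = [
    "https://www.ea.com/",
    "https://ea.com@login-check.example/verify",
    "https://ea.com.account-verify.example/signin",
    "https://ea-support.example/appeal",
    "http://www.ea.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_link(link)
        print("OK    " if ok else "REJECT", link, "->", reason)
```

Only the first sample passes. The others place the brand in the userinfo, a subdomain prefix, or a hyphenated name, or drop HTTPS.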
If you believe your EA account was taken over
Respond as a containment problem, not a single reset. The goal is to remove the attacker and stop re-entry.
- Secure the email inbox first (password change, 2FA, forwarding rules).
- Reset the EA password to a unique password.
- Enable login verification on EA and on any linked platform accounts.
- Review linked accounts and remove anything you do not recognize.
- Check purchases and saved payment methods.
If you primarily play on PlayStation, start with how to secure your PlayStation Network (PSN) account as well. Attackers often pivot through the weakest linked account, not the one you think of first.
Incidents at large vendors are a reminder that account security is the last line of defense you control. Unique passwords, strong verification, and disciplined link hygiene turn breach news into background noise instead of an account takeover.
When the email inbox and the most important accounts are hardened, opportunistic attacks stop working. That is the real payoff of doing the basics well: you make yourself a bad target.
The remaining risk is targeted social engineering. If you keep a habit of navigating to official domains directly and refusing to share codes, you close the last easy door attackers rely on.
