EA/Origin Rewards Adopters Of Extra Security By Scaring The Shit Out Of Them

from the aaaaaah! dept

In our ongoing discussions about the new platform wars going on between Steam and the Epic Store, perhaps we’ve been unfair to another participant in those wars: EA’s Origin. Except that no we haven’t, since Origin is strictly used for EA published games, and now EA is pushing out games on Steam as well. All of which is to say that Origin, somehow, is still a thing.

Enough of a thing, actually, for EA to have tried to do something beneficial around Cybersecurity Month. For Origin users that enabled two-factor authentication on the platform, EA promised to reward those users with a free month of Origin Access Basic. That free month would give those that had enabled better security on their accounts access to discounts on new games and downloads of old games. Cool, right?

Well, sure, except that the method by which EA decided to make good on its promise basically scared the shit out of a whole bunch of people.

This morning at around 3am, jolted awake by an antsy newborn, I rolled over to check my email and was alarmed to see a message from EA with the subject: “You’ve redeemed an Origin Access Membership Code.” Goddamnit, I thought. Did someone hack me? Turns out it was just EA starting off everyone’s day with a nice little scare.

The email thanked the user for redeeming the access code without mentioning as a reminder that any of this was tied to enabling 2FA last month. It looked for all the world like any other purchase confirmation from Origin does. This sent a whole bunch of people scrambling, assuming their accounts had been hacked. Then those same people jumped on Twitter, either recognizing that this scare was a result of EA’s crappy communication, or else not realizing that and asking all of Twitter what to do now.

That all of this came as a result of a Cybersecurity Month initiative was an irony not lost on the public.

Ironically, this email came as the result of an EA initiative to reward users of its PC platform with more security. Last month, EA quietly announced that Origin users with two-step verification enabled (in honor of “National Cybersecurity Month”) would get a free month of Origin Access Basic, which offers discounts and access to a bunch of old games. This was them making good on that promise.

Now if only “making good” hadn’t also equated to “scaring the hell out of users into thinking they’d been hacked and might have even lost all of their progress in Star Wars Jedi Fallen Order and had to start from scratch just like their buddy Kirk did.” Telling people that they’ve redeemed a code out of the blue is a good way to get them to immediately freak out and change all their passwords, especially in a world where just about every company (EA included) has been the target of a massive security breach.

EA: where even when the company tries to do something nice and good, it just ends up scaring the shit out of everyone.

Filed Under: , , , ,
Companies: ea

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “EA/Origin Rewards Adopters Of Extra Security By Scaring The Shit Out Of Them”

Subscribe: RSS Leave a comment
Anonymous Coward says:

The email thanked the user for redeeming the access code without mentioning as a reminder that any of this was tied to enabling 2FA last month.

So, overreaction? On one hand it’s good that some people are taking their online security more seriously, but for gods sakes, assuming a hack for redeeming a redemption code, is a bit much.

By definition redemption means that the "purchase" was already made. So if you have no corresponding purchase notification, receipt, or deduction on your bank account(s), you haven’t lost anything. At the very least do some research before jumping to conclusions.

I’ll agree that EA could have been more explicit with their email, but if all it takes to trigger a mass password reset is an official looking email, it won’t be long before thieves decide to use that to their advantage. Think first people.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...