EA/Origin Rewards Adopters Of Extra Security By Scaring The Shit Out Of Them

from the aaaaaah! dept

In our ongoing discussions about the new platform wars going on between Steam and the Epic Store, perhaps we've been unfair to another participant in those wars: EA's Origin. Except that no we haven't, since Origin is strictly used for EA published games, and now EA is pushing out games on Steam as well. All of which is to say that Origin, somehow, is still a thing.

Enough of a thing, actually, for EA to have tried to do something beneficial around Cybersecurity Month. For Origin users that enabled two-factor authentication on the platform, EA promised to reward those users with a free month of Origin Access Basic. That free month would give those that had enabled better security on their accounts access to discounts on new games and downloads of old games. Cool, right?

Well, sure, except that the method by which EA decided to make good on its promise basically scared the shit out of a whole bunch of people.

This morning at around 3am, jolted awake by an antsy newborn, I rolled over to check my email and was alarmed to see a message from EA with the subject: “You’ve redeemed an Origin Access Membership Code.” Goddamnit, I thought. Did someone hack me? Turns out it was just EA starting off everyone’s day with a nice little scare.

The email thanked the user for redeeming the access code without mentioning as a reminder that any of this was tied to enabling 2FA last month. It looked for all the world like any other purchase confirmation from Origin does. This sent a whole bunch of people scrambling, assuming their accounts had been hacked. Then those same people jumped on Twitter, either recognizing that this scare was a result of EA's crappy communication, or else not realizing that and asking all of Twitter what to do now.

That all of this came as a result of a Cybersecurity Month initiative was an irony not lost on the public.

Ironically, this email came as the result of an EA initiative to reward users of its PC platform with more security. Last month, EA quietly announced that Origin users with two-step verification enabled (in honor of “National Cybersecurity Month”) would get a free month of Origin Access Basic, which offers discounts and access to a bunch of old games. This was them making good on that promise.

Now if only “making good” hadn’t also equated to “scaring the hell out of users into thinking they’d been hacked and might have even lost all of their progress in Star Wars Jedi Fallen Order and had to start from scratch just like their buddy Kirk did.” Telling people that they’ve redeemed a code out of the blue is a good way to get them to immediately freak out and change all their passwords, especially in a world where just about every company (EA included) has been the target of a massive security breach.

EA: where even when the company tries to do something nice and good, it just ends up scaring the shit out of everyone.

Filed Under: 2fa, ea origin, platforms, two factor authentication, video games
Companies: ea


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    That Anonymous Coward (profile), 23 Nov 2019 @ 12:04am

    "Telling people that they’ve redeemed a code out of the blue is a good way to get them to immediately freak out and change all their passwords"

    We were just enforcing best cybersecurity practices, to make sure people weren't recycling passwords.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Nov 2019 @ 5:28am

    I went a bit paranoid and might have changed every password i have that was slightly connected to it..
    so everything.

    Also went on a Two-factor authentication spree.

    Only took half a day and was happy with my swift and measured response until i read this article.

    Thanks.

    reply to this | link to this | view in chronology ]

    • identicon
      TRX, 24 Nov 2019 @ 5:23am

      Re:

      Also went on a Two-factor authentication spree.

      If "two factor" meant "SMS to your phone", you probably got the opposite of what you expected as far as security.

      reply to this | link to this | view in chronology ]

  • icon
    OldMugwump (profile), 23 Nov 2019 @ 8:14am

    Never attribute to malice...

    ...that which can be adequately explained by incompetence.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Nov 2019 @ 9:08am

    At least they got a code, so of us are still waiting for this promised free month of access...

    reply to this | link to this | view in chronology ]

  • icon
    r_rolo1 (profile), 23 Nov 2019 @ 11:28am

    That makes sense ...

    EA last good deed was so long ago that they simply don't remember how to make a good deed anymore ;)

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Nov 2019 @ 1:42pm

    The email thanked the user for redeeming the access code without mentioning as a reminder that any of this was tied to enabling 2FA last month.

    So, overreaction? On one hand it's good that some people are taking their online security more seriously, but for gods sakes, assuming a hack for redeeming a redemption code, is a bit much.

    By definition redemption means that the "purchase" was already made. So if you have no corresponding purchase notification, receipt, or deduction on your bank account(s), you haven't lost anything. At the very least do some research before jumping to conclusions.

    I'll agree that EA could have been more explicit with their email, but if all it takes to trigger a mass password reset is an official looking email, it won't be long before thieves decide to use that to their advantage. Think first people.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Nov 2019 @ 6:28pm

      Re:

      assuming a hack for redeeming a redemption code, is a bit much

      By definition this means that someone logged into your account redeemed a code. Nevermind where the code came from. If you didn't redeem the code in your account, who the fuck did?

      Not an overreaction at all.

      reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.