EA/Origin Rewards Adopters Of Extra Security By Scaring The Shit Out Of Them
from the aaaaaah! dept
In our ongoing discussions about the new platform wars going on between Steam and the Epic Store, perhaps we’ve been unfair to another participant in those wars: EA’s Origin. Except that no we haven’t, since Origin is strictly used for EA published games, and now EA is pushing out games on Steam as well. All of which is to say that Origin, somehow, is still a thing.
Enough of a thing, actually, for EA to have tried to do something beneficial around Cybersecurity Month. For Origin users that enabled two-factor authentication on the platform, EA promised to reward those users with a free month of Origin Access Basic. That free month would give those that had enabled better security on their accounts access to discounts on new games and downloads of old games. Cool, right?
Well, sure, except that the method by which EA decided to make good on its promise basically scared the shit out of a whole bunch of people.
This morning at around 3am, jolted awake by an antsy newborn, I rolled over to check my email and was alarmed to see a message from EA with the subject: “You’ve redeemed an Origin Access Membership Code.” Goddamnit, I thought. Did someone hack me? Turns out it was just EA starting off everyone’s day with a nice little scare.
The email thanked the user for redeeming the access code without mentioning as a reminder that any of this was tied to enabling 2FA last month. It looked for all the world like any other purchase confirmation from Origin does. This sent a whole bunch of people scrambling, assuming their accounts had been hacked. Then those same people jumped on Twitter, either recognizing that this scare was a result of EA’s crappy communication, or else not realizing that and asking all of Twitter what to do now.
That all of this came as a result of a Cybersecurity Month initiative was an irony not lost on the public.
Ironically, this email came as the result of an EA initiative to reward users of its PC platform with more security. Last month, EA quietly announced that Origin users with two-step verification enabled (in honor of “National Cybersecurity Month”) would get a free month of Origin Access Basic, which offers discounts and access to a bunch of old games. This was them making good on that promise.
Now if only “making good” hadn’t also equated to “scaring the hell out of users into thinking they’d been hacked and might have even lost all of their progress in Star Wars Jedi Fallen Order and had to start from scratch just like their buddy Kirk did.” Telling people that they’ve redeemed a code out of the blue is a good way to get them to immediately freak out and change all their passwords, especially in a world where just about every company (EA included) has been the target of a massive security breach.
EA: where even when the company tries to do something nice and good, it just ends up scaring the shit out of everyone.
Filed Under: 2fa, ea origin, platforms, two factor authentication, video games
Companies: ea
Comments on “EA/Origin Rewards Adopters Of Extra Security By Scaring The Shit Out Of Them”
"Telling people that they’ve redeemed a code out of the blue is a good way to get them to immediately freak out and change all their passwords"
We were just enforcing best cybersecurity practices, to make sure people weren’t recycling passwords.
Re:
EA: “Recycling assets is for the Madden series, anyway.”
I went a bit paranoid and might have changed every password i have that was slightly connected to it..
so everything.
Also went on a Two-factor authentication spree.
Only took half a day and was happy with my swift and measured response until i read this article.
Thanks.
Re: Re:
If "two factor" meant "SMS to your phone", you probably got the opposite of what you expected as far as security.
Never attribute to malice...
…that which can be adequately explained by incompetence.
At least they got a code, so of us are still waiting for this promised free month of access…
That makes sense ...
EA last good deed was so long ago that they simply don’t remember how to make a good deed anymore 😉
So, overreaction? On one hand it’s good that some people are taking their online security more seriously, but for gods sakes, assuming a hack for redeeming a redemption code, is a bit much.
By definition redemption means that the "purchase" was already made. So if you have no corresponding purchase notification, receipt, or deduction on your bank account(s), you haven’t lost anything. At the very least do some research before jumping to conclusions.
I’ll agree that EA could have been more explicit with their email, but if all it takes to trigger a mass password reset is an official looking email, it won’t be long before thieves decide to use that to their advantage. Think first people.
Re: Re:
By definition this means that someone logged into your account redeemed a code. Nevermind where the code came from. If you didn’t redeem the code in your account, who the fuck did?
Not an overreaction at all.