EA/Origin Rewards Adopters Of Extra Security By Scaring The Shit Out Of Them
from the aaaaaah! dept
In our ongoing discussions about the new platform wars going on between Steam and the Epic Store, perhaps we've been unfair to another participant in those wars: EA's Origin. Except that no, we haven't, since Origin is strictly used for EA-published games, and now EA is pushing out games on Steam as well. All of which is to say that Origin, somehow, is still a thing.
Enough of a thing, actually, for EA to have tried to do something beneficial around Cybersecurity Month. EA promised Origin users who enabled two-factor authentication on the platform a free month of Origin Access Basic. That free month would give those who had enabled better security on their accounts access to discounts on new games and downloads of old games. Cool, right?
Well, sure, except that the method by which EA decided to make good on its promise basically scared the shit out of a whole bunch of people.
This morning at around 3am, jolted awake by an antsy newborn, I rolled over to check my email and was alarmed to see a message from EA with the subject: “You’ve redeemed an Origin Access Membership Code.” Goddamnit, I thought. Did someone hack me? Turns out it was just EA starting off everyone’s day with a nice little scare.
The email thanked the user for redeeming the access code without any reminder that this was tied to enabling 2FA last month. It looked for all the world like any other purchase confirmation from Origin. This sent a whole bunch of people scrambling, assuming their accounts had been hacked. Then those same people jumped on Twitter, either recognizing that this scare was a result of EA's crappy communication, or else not realizing that and asking all of Twitter what to do now.
That all of this came as a result of a Cybersecurity Month initiative was an irony not lost on the public.
Ironically, this email came as the result of an EA initiative to reward users of its PC platform with more security. Last month, EA quietly announced that Origin users with two-step verification enabled (in honor of “National Cybersecurity Month”) would get a free month of Origin Access Basic, which offers discounts and access to a bunch of old games. This was them making good on that promise.
Now if only “making good” hadn’t also equated to “scaring the hell out of users into thinking they’d been hacked and might have even lost all of their progress in Star Wars Jedi Fallen Order and had to start from scratch just like their buddy Kirk did.” Telling people that they’ve redeemed a code out of the blue is a good way to get them to immediately freak out and change all their passwords, especially in a world where just about every company (EA included) has been the target of a massive security breach.
EA: where even when the company tries to do something nice and good, it just ends up scaring the shit out of everyone.
Filed Under: 2fa, ea origin, platforms, two factor authentication, video games
Companies: ea
Reader Comments
"Telling people that they’ve redeemed a code out of the blue is a good way to get them to immediately freak out and change all their passwords"
We were just enforcing best cybersecurity practices, to make sure people weren't recycling passwords.
[ link to this | view in chronology ]
EA: “Recycling assets is for the Madden series, anyway.”
[ link to this | view in chronology ]
I went a bit paranoid and might have changed every password I have that was slightly connected to it...
so everything.
Also went on a Two-factor authentication spree.
Only took half a day and was happy with my swift and measured response until I read this article.
Thanks.
[ link to this | view in chronology ]
Re:
If "two factor" meant "SMS to your phone", you probably got the opposite of what you expected as far as security.
[ link to this | view in chronology ]
Never attribute to malice...
...that which can be adequately explained by incompetence.
[ link to this | view in chronology ]
At least they got a code, some of us are still waiting for this promised free month of access...
[ link to this | view in chronology ]
That makes sense ...
EA's last good deed was so long ago that they simply don't remember how to make a good deed anymore ;)
[ link to this | view in chronology ]
So, overreaction? On one hand it's good that some people are taking their online security more seriously, but for God's sake, assuming a hack for redeeming a redemption code is a bit much.
By definition redemption means that the "purchase" was already made. So if you have no corresponding purchase notification, receipt, or deduction on your bank account(s), you haven't lost anything. At the very least do some research before jumping to conclusions.
I'll agree that EA could have been more explicit with their email, but if all it takes to trigger a mass password reset is an official-looking email, it won't be long before thieves decide to use that to their advantage. Think first, people.
[ link to this | view in chronology ]
Re:
By definition this means that someone logged into your account redeemed a code. Never mind where the code came from. If you didn't redeem the code in your account, who the fuck did?
Not an overreaction at all.
[ link to this | view in chronology ]