EA Forums Online Security Newsletter - Volume 7
Welcome to the latest edition of our Online Security Newsletter!
Welcome to another summer issue of our newsletter (for those in the Northern Hemisphere). Last month, we continued our series on phishing from a psychological perspective. This approach, which began two issues ago with a look at password creation, offers valuable insights into how bad actors operate. If you missed the previous issues, be sure to check them out - they’re definitely worth reading!
EA Forums Online Security Newsletter - Volume 5
EA Forums Online Security Newsletter - Volume 6
This month, we focus on the important topic of reporting vulnerabilities in EA games and products. We recently published the Vulnerability Disclosure Hall of Fame, recognizing researchers who helped patch security issues in EA products or games during the past quarter.
What is a security vulnerability, and how does it differ from cheating in a game? How can you report a security vulnerability in an EA game or service, and what information should you provide?
You’ll find answers to these questions in the Security Focus section of the newsletter.
As always, you can earn a unique forum badge by sharing your experiences in the newsletter comments or by taking the quiz.
Stay safe!
What is a Security Vulnerability?
A security vulnerability is a weakness in a system that an attacker could exploit to cause harm, like stealing information or disrupting services. This is different from cheating in a game, which involves a player unfairly manipulating game rules for personal gain within the game itself, rather than exploiting a flaw in the underlying software.
If I've found a Security Vulnerability, how do I report it?
To report a security vulnerability in an EA game or service, you should fill out the Security Vulnerability Submission form on the EA Security Website. When submitting a report, include details such as the affected game or product, platform, version, time of discovery, what the vulnerability allows, steps to reproduce it, and any supporting evidence like screenshots or sample code.
How does EA classify reported Vulnerabilities?
EA classifies the severity of reported vulnerabilities using industry standards like the CVSS scoring system and a four-tier scale (Critical, Important, Moderate, Low), with the most severe issues requiring little or no user interaction to exploit. The impact of each vulnerability is further assessed using the STRIDE Security Model, and each report is carefully triaged and investigated by EA’s security team.
Can I report cheating in-game through the Security Vulnerability Submission?
Short answer - NO. Reporting cheating or account issues is handled separately from security vulnerabilities; cheating should be reported through in-game tools, and account security concerns should be addressed via EA’s account management resources.