IvanDoomer
Seasoned Newcomer
2 months ago

Security Vulnerability Submission refused by EA

I am a victim (along with some other guys here on Reddit) of an (automated?) attack exploiting a vulnerability regarding EA accounts and validated email addresses.

Basically, if you change your account email address, your old address remains validated in EA's database. Anyone can create a new account using this address, and it does not require any validation. The attacker can do any activity, like playing online with cheats, scams, or phishing, without impact until its ban.

I reported the issue to https://www.ea.com/security/disclosure but I got an answer that it's not a security disclosure.

I also contested the ban (as I retain access to my old email address, I was able to reset the password and open the ticket), but it was refused. Of course, they do not even consider that it was a sec vulnerability.

So, be aware: if you change your EA email address, create a new account using your old address and leave it abandoned so that the address cannot be used/exploited.
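
The workflow described in the post above, as an added example that is not part of the original post and not EA's code: a toy Python model in which "verified" is remembered per address (the reported behaviour), next to a hardened mode that releases the old address on change and always requires a fresh mail token. All class, method and address names are hypothetical.

```python
import secrets

class AccountStore:
    """Toy model (hypothetical, not EA's code). hardened=False reproduces the
    behaviour described in the post: 'verified' is remembered per address."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.accounts = {}            # account_id -> {"email", "verified"}
        self.verified_emails = set()  # address-level flag that outlives accounts
        self.pending = {}             # one-time token -> account_id

    def _issue_token(self, account_id):
        token = secrets.token_urlsafe(16)  # would be mailed to the address
        self.pending[token] = account_id
        return token

    def register(self, email):
        account_id = secrets.token_hex(4)
        # Weak path: trust the stale address-level flag and skip the mail check.
        trusted = (not self.hardened) and email in self.verified_emails
        self.accounts[account_id] = {"email": email, "verified": trusted}
        return account_id, (None if trusted else self._issue_token(account_id))

    def confirm(self, token):
        account_id = self.pending.pop(token, None)
        if account_id is None:
            return False
        account = self.accounts[account_id]
        account["verified"] = True
        self.verified_emails.add(account["email"])
        return True

    def change_email(self, account_id, new_email):
        account = self.accounts[account_id]
        if self.hardened:
            self.verified_emails.discard(account["email"])  # release old address
        account["email"], account["verified"] = new_email, False
        return self._issue_token(account_id)

def old_address_verified_without_proof(store):
    """Constructed scenario: owner moves to a new address, then someone else
    registers the old one. Returns True if that account starts out verified."""
    owner, token = store.register("old@example.test")
    store.confirm(token)
    store.confirm(store.change_email(owner, "new@example.test"))
    second, _ = store.register("old@example.test")
    return store.accounts[second]["verified"]
```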

5 Replies

  • EA_Darko
    Community Manager
    2 months ago

    Hey IvanDoomer, if you received a reply that it was not something that the security team recognises as a concern then this would be the case.

    What you are describing sounds less like a security issue on the EA side but rather an issue with your email being compromised. 

    Have you spoken with your email provider to ensure that you are the only one who has access to it?

    Darko

  • IvanDoomer
    Seasoned Newcomer
    2 months ago

    Hi EA_Darko, I am an IT Sec guy with 25+ years of experience. My mailbox is not compromised, and it's clear that we are talking about a weakness in the email address verification workflow. Your sec team is not prepared to identify and work on sec issues, sorry.

  • Hi EA_Darko, I have the same problem. I’ve never had an EA account, but I just got a message saying I was blocked. I restored access using "Forgot password" and found out that my email was already verified. My mailbox has 2FA enabled, and I didn’t see any other sessions there. So, I agree with IvanDoomer that EA has a security weakness.
    I don’t expect much from EA about a solution. I know you may never admit it and can still claim everything is fine, but the fact is that there is a problem.

  • EA_Darko
    Community Manager
    2 months ago

    Issues with security on your email are something that you will need to address yourself.

    That our team got your report and investigated it without taking any further action would mean that they did not find any issue.

    Darko

  • IvanDoomer
    Seasoned Newcomer
    2 months ago

    Hi EA_Darko, it's truly intriguing how a security vulnerability so clearly outlined can be swiftly dismissed by EA's security team. One might assume that a team entrusted with protecting millions of users would have the expertise and rigor to recognize and address such concerns. Perhaps this incident is a subtle reminder that sometimes, having a security team is not quite the same as having a truly competent one. Hopefully, this feedback encourages a reassessment of the skills and processes currently in place to ensure EA’s platforms are secure—not just in theory, but in practice.
