EA Forums Online Security Newsletter - Volume 11
As we head into the holiday season and the year comes to a close, I feel it’s the perfect moment to take a breath, slow things down a bit, and ensure our digital lives stay just as safe as everything else we’re wrapping up for the year. Last month, we talked about Privacy & Data Protection in Online Games - how your in-game actions shape your digital identity and why those privacy settings really matter. If you haven’t had a chance to review them yet, this is a great time to do it before the new year begins. As always, I’d love to hear your thoughts. Join the discussion or try this month’s quiz - and yes, you’ll earn a special forum badge for taking part! Stay safe, stay mindful - and enjoy the season! Security Focus: The Weakest Link The holidays often mean new devices, increased online activity, and, unfortunately, more opportunities for attackers. That’s why this edition is all about finding and fixing your weakest security link, so you can step into the new year with confidence. Everything Is Connected Your accounts, devices, apps, habits, and inboxes form one ecosystem. Attackers don’t look for the hardest entry point - they look for the easiest. Sometimes the weak point is something small: an old email account you forgot you had a password you’ve reused for years a device waiting for an update a profile on a service that no longer exists Find Your Weak Point Before you can fix a weak link, you first need to spot it - and that starts with a bit of honest self-checking. These quick questions will help you identify where your digital defences might be softer than you think. Ask yourself: Do I reuse any passwords? Do I delay updates? Do I know how many accounts are associated with my primary email address? If the answer is “yes, but…”, you’ve found your weak spot. Strengthen the Chain Once you’ve identified your weak spots, the next step is reinforcing them. Small changes can make a big difference - and most of them take just a few minutes. Secure your email first -it’s the gateway to all your other accounts Turn on 2FA everywhere it’s available Delete or update old accounts you no longer use Keep your devices updated - it’s your digital immune system Review app permissions and remove those you no longer need Back up your data regularly to protect against loss or ransomware Check your inbox rules and filters to make sure nothing suspicious was added Avoid public Wi-Fi for sensitive actions unless you’re using a VPN Review connected devices on platforms like EA, Google, Microsoft, and Apple Even strengthening just one of these areas can meaningfully improve your overall security — and make your weakest link a lot harder to break. How to keep your EA Account secure Shared Devices - Shared Risk - danisoff article, which explores the potential security risks of shared devices Online Security Newsletter - Volume 11 Quiz
EA Forums Online Security Newsletter - Volume 9
Hello everyone, and welcome to the 9th edition of the EA Forums Online Security Newsletter. It’s October Cybersecurity Awareness Month. We’ll revisit key topics from previous editions to refresh our knowledge and prepare for this month’s optional challenge. Staying secure is essential and should be a priority in every online interaction or purchase. As usual, if you share your experiences or take a quiz, you’ll receive a unique badge on the forums as a token of participation. Now is a good time to introduce this month’s additional, optional challenge. Since October is Cybersecurity Awareness Month, let’s promote online security even more: talk about online safety with your family and those most vulnerable, like your grandparents or kids. Exchange experiences with friends and share the tips you use every day. You can use the information in this newsletter or other resources (check the InfoHub). And, most importantly… Stay safe! Cybersecurity Awareness Month Downloading games Download apps and games only from official stores. Check reviews and ratings, and review requested permissions. Keep your operating system and apps updated, use antivirus software, and avoid illegal “cracked” versions, which often carry malware. Keeping your account secure Use strong, unique passwords and a password manager. Enable Two-Factor Authentication (2FA), such as Google Authenticator (biometric options are often supported). Watch for phishing: verify senders, avoid suspicious links or attachments, and never share personal information. Secure your email, the gateway to many accounts, by enabling two-factor authentication (2FA), monitoring activity, and using encryption for sensitive messages. Biometrics security Biometrics (fingerprints, facial recognition, voice) and passkeys use on-device cryptography to reduce or replace passwords. They resist phishing, brute-force attacks, and password theft while enabling faster logins. Devices store encrypted templates, not raw fingerprint or face images, helping protect security and privacy even if a device is compromised. Online purchases Buy games and currency from official stores or verified sellers; avoid offers that seem too good to be true. Enable two-factor authentication (2FA) on your accounts and use trusted payment methods (e.g., PayPal, Google Pay) with buyer protection. Keep your system and antivirus up to date. Be wary of social engineering: double-check links, verify senders, and remember that legitimate support will not contact you through unofficial channels. Password creation psychology People often prioritize convenience over security, opting for simple or familiar passwords (such as birthdays, names, or team names), reusing them, or following predictable patterns. To strengthen security, use passphrases with unrelated words, employ mnemonics, store unique and complex passwords in a password manager, and update them periodically. Psychology of phishing Phishing exploits the principles of urgency, authority, curiosity, rewards, and social proof. Counter it by pausing when a message sparks excitement or panic, verifying claims via official channels (not embedded links), checking sender details and branding, and treating unsolicited gifts or windfalls as suspicious. If a message seems to come from a friend but feels off, confirm through a separate, trusted channel. In short: slow down, verify independently, and think before you click. Security vulnerabilities A security vulnerability is a flaw that attackers can exploit to steal data, disrupt services, or gain unauthorized access, distinct from cheating, which manipulates in-game mechanics. If you discover a vulnerability in an EA game or service, report it via the Security Vulnerability Submission form on the EA Security website. Include the product, platform, version, discovery time, impact, reproduction steps, and any supporting evidence. EA evaluates reports using CVSS and a four-tier severity scale (Critical, Important, Moderate, Low), alongside the STRIDE model. Cheating or account issues should be reported via in-game tools or EA account support, not through this form. European Cybersecurity Awareness Month Cybersecurity Awareness Month CISA National Cybersecurity Alliance How to keep your EA Account secure Online Security Newsletter - Volume 9 QuizEA Forums Online Security Newsletter - Volume 5
Welcome to all our readers - whether you're a long-time subscriber or joining us for the first time—for the latest edition of our newsletter! This month, we invite you to engage in a conversation about security, our featured topic, and much more. Each edition is an opportunity to share your security tips, experiences, or insights with us. In last month’s edition, we explored the critical topic of safe online transactions. With the summer promotions season fast approaching, now is the perfect time to refresh your knowledge or check out our tips if you haven’t already. We also introduced the latest updates to EA’s flagship anti-cheat system, EA Javelin. If you’re unfamiliar with EA Javelin, we encourage you to revisit last month’s newsletter to learn more. This month, we’re exploring the fascinating topic of passwords from a psychological perspective. Why do we choose certain passwords over others? What motivates our choices? And what strategies can help you create strong, secure passwords? You’ll find answers to these questions and more in the Security Focus section. As always, your participation in the newsletter—whether through comments, quizzes, or sharing your experiences—earns you a participation token: a unique badge on the forum. Don’t miss out! We would also like to highlight recent software blocks in EA Javelin. AntiCheatWard from EA's anti-cheat team shared that the Disc-Soft block was implemented due to cheat-like scripts circulating in the ReWASD community, which automate actions like recoil control and skill-based challenges in games. While EA Javelin Anticheat supports legitimate remapping tools like Steam Input and Microsoft's Keyboard Manager, Disc-Soft's attempts to bypass anti-cheat checks and its tolerance of these scripts led to blocking their virtual hardware and drivers. We encourage you to uninstall the software and provide feedback to the vendor, with hopes that changes in their practices could allow for more targeted blocks in the future. You'll find the link to the full article in the InfoHub Section. Stay safe! The Psychology of Password Creation In today's digital age, passwords are crucial for safeguarding our personal and professional information. Yet many people struggle with creating and remembering secure passwords. This challenge is deeply rooted in human psychology and impacts how we choose and manage our passwords. Cognitive Load and Memory It is human nature to simplify complex tasks, which leads to choosing passwords that are easy to remember. As a result, simple choices can be made, such as using sequential numbers, common words, or birthdays. These elements reduce cognitive load, but at the same time, they compromise security. Familiarity Bias People tend to choose passwords that are familiar or meaningful to them. It can be the names of loved ones, favourite sports teams, or phrases that are familiar to you. While these choices make passwords easier to remember, they also make them easier to guess. Risk Perception Many users underestimate the risk of cyber threats, believing that they are unlikely targets. This perception leads to less rigorous password practices, such as using the same password across multiple accounts or opting for simple, easily cracked passwords. The Role of Emotion Emotional attachment can play a significant role in password creation. People often choose passwords that evoke positive feelings or memories, which makes them easier to recall. However, emotional passwords can be predictable for anyone familiar with the user. Social Influence Social factors, such as advice from friends or media, can impact password choices. Recommendations to use complex passwords might be acknowledged but not always implemented due to the inconvenience of remembering them. Strategies for Improvement Use Passphrases Combining unrelated words into a passphrase increases complexity while remaining memorable. Leverage Mnemonics Creating a mnemonic device can help recall complex passwords. Employ Password Managers These tools reduce the burden of remembering multiple passwords while ensuring they are strong and unique. Periodic Password Updates Changing passwords can mitigate risks associated with compromised credentials. But don't make it a burden, as accourding to NIST research over complicating the password changing process might have opposite effect. Online Security Newsletter - Feedback Form Online Security Newsletter - Challenge Creation Interest Form EA Javelin Anticheat & Recent Software Blocks Online Security Newsletter - Volume 5 QuizEA Forums Online Security Newsletter - Volume 10
Happy Halloween 🎃! Trick or Treat Night marks the last day of the month, and it’s also the day we publish our monthly newsletter. Before we dive into this month’s topic, let’s take a quick look back at our previous edition, which was a collection of online security tips from past issues, all tied to Cybersecurity Awareness Month in October. Speaking of this special month for cybersecurity, have you shared any security tips with your friends or family? Have they shared their experiences with you, or have you come across an interesting article related to cybersecurity? If so, please share them with us in the comments to help spread awareness! This month’s security focus is Privacy & Data Protection in Online Games. As usual, we’ll share valuable insights around this topic and encourage you to join the discussion. Every participant, whether by joining the conversation or completing this month’s quiz, will receive a unique token of participation in the form of a forum badge! Stay safe! Privacy & Data Protection in Online Games Let’s Talk Privacy First Gaming is all about fun, but when you’re online, your data becomes part of the game too. Every time you log in, chat with friends, or complete a match, you’re leaving traces of personal information. That’s why knowing what’s collected, how it’s used, and what you can control matters. Good data protection isn’t just a checkbox; it’s about building a foundation: limiting what’s collected, securing it properly, and giving you meaningful control over your profile. When developers bake “privacy-by-design” into games, everyone wins. Why Your Gaming Data Matters In modern titles, you don’t just play, you participate. Achievements, stats, social play, linked platforms, and even targeted offers become part of your profile. That means your digital identity is just as important as your gamer tag. Mistakes here can expose your account to unwanted risks, such as phishing, identity theft, or oversharing. By taking a proactive approach to your privacy settings, you’re effectively controlling your account’s visibility and the footprint of your data. Think of it as choosing who sees your high-score highlights and who doesn’t. EA’s Commitment to Player Privacy You can learn how EA handles player information through “Investing in Privacy and Security” commitments. EA's global privacy program adheres to recognized best practices, ensuring that “privacy-by-design” is integrated into all games, services, and operations. This means EA provides notice of its data practices, offers users choices, and grants rights such as access, correction, and deletion of personal information. For us, gamers, that means the studio isn’t just collecting data for the sake of it; they claim to be mindful of scope, minimize processing where possible, and maintain safeguards against unauthorized access. Real Control: Adjusting Your Privacy Settings On your EA Account, you’ll find the “Security & Privacy” tab. This is where you take action. You can control how your data is used internally and by third parties, download a copy of your data, or request deletion of your account data. How to update your EA Account privacy settings Investing in Privacy and Security Online Security Newsletter - Volume 10 QuizEA Forums Online Security Newsletter - Volume 8
Welcome to the 8th edition of our monthly newsletter on online security for gamers. This month, we'll take a closer look at the topic of cloud security. Many of you are already familiar with the cloud, but some might still be wondering what it actually is and why it matters. As always, we encourage you to share your security experiences with us—not only related to the cloud but also in general. Before diving into the main topic, I’d like to highlight last month’s edition, where we discussed security vulnerabilities, which are often confused with in-game cheating. If you haven’t had a chance to catch up, you can find the link to past issues here. We also invite you to participate in the conversation, share your stories, and test your knowledge with a short quiz based on this month’s release. Every participant will receive a unique participation token in the form of a forum badge. Stay safe! What does it mean that data is stored in the cloud? The cloud is a network of interconnected servers across the globe. Instead of owning a server yourself, you can “borrow” storage, bandwidth, or computing power from these providers. While the provider is responsible for securing the hardware, you are responsible for protecting the data you upload by keeping your accounts, passwords, and devices secure. How secure is the cloud? Technology giants like AWS and Google invest billions in physical and digital security. Physical measures include multiple layers of on-site protection, redundancy, and trained personnel. Digital measures cover DDoS mitigation, strong encryption, and continuous monitoring. In short, the infrastructure itself is highly secure, but the human side (your credentials and devices) remains a key responsibility. Who uses cloud solutions? Cloud services are everywhere. On the consumer side, tools like OneDrive and Dropbox make it easy to store files. On the enterprise side, companies like Netflix, Spotify, and of course EA, rely on the cloud to deliver seamless entertainment to millions of users worldwide. What about cloud gaming? Cloud gaming allows you to stream game titles directly to almost any screen, your TV, phone, or PC, without needing high-end hardware. The game runs on remote servers, while you interact through streaming. Remember, even though the game isn’t running locally, your account security is still crucial. Always enable MFA/TFA and connect only through trusted networks. Cloud backup Want to preserve your favorite Battlefield moment or months of progress in The Sims 4? Follow the 3-2-1 rule: Keep 3 copies of your data, On 2 different types of storage, With 1 copy in the cloud. This strategy minimizes the risk of losing your important files and ensures your memories stay safe. What is the cloud? Xbox - What's the difference between cloud gaming and remote play? How to keep your EA Account secure Online Security Newsletter - Volume 8 Quiz
Spieler/Eltern, die Kontrolle liegt in Euren Händen - Kontosicherheit 101:
Gastblogger Asmodeus566 ist Mitglied des EA Community Superuser Program. Zunächst möchte ich alle daran erinnern, dass die Sicherheit des Kontos beim Kontoinhaber beginnt. Es liegt in der Verantwortung des Kontoinhabers, den Überblick über sein Konto zu behalten, sicherzustellen, dass es aktuell ist und dass andere nicht darauf zugreifen. Wenn andere euer Konto nutzen und es gesperrt wird, liegt die Verantwortung bei euch und nicht bei EA. So schützt du dein Konto und deine Hardware 101: Verwende sichere Passwörter für dein Spielkonto. Behalte den Überblick über deine Spielkontoinformationen (Eigentümerschaft) und darüber, mit welchen anderen Konten du verknüpft bist. Verwende sichere Passwörter für das zugehörige E-Mail-Konto. Behalte den Überblick über deine E-Mail-Konten und deren Verknüpfungen. Teile keines deiner Passwörter mit anderen. Notiere dir deine Passwörter an einem sicheren Ort. Verwende keine E-Mail-Konten, über die du keine vollständige Kontrolle hast, wie etwa solche, die von Schulen, Universitäten, Arbeitsplätzen oder anderen Organisationen usw. zur Verfügung gestellt werden. Wenn die Organisation deine E-Mail widerruft oder dudie Schule verlässt, den Arbeitsplatz wechselst usw. und keinen Zugriff mehr auf diese E-Mail hast, wirst du letztendlich Probleme haben, die du weder willst noch brauchst. Gib keines dieser Passwörter an andere weiter. Bewahre deine Passwörter an einem sicheren Ort auf. Aktiviere die Zwei-Faktor-Identifizierung sowohl für das Spiel als auch für die zugehörigen E-Mail-Konten. Lasse nicht zu, dass andere (Freunde und Familie) dein Spielkonto verwenden, denn wenn sie auf deinem Konto etwas falsch machen, ist es immer noch deine Schuld. Niemand möchte eine Sanktion für sein Konto, weil jemand anderes etwas Falsches getan oder gesagt hat. Benutze keine Internetcafés, um auf dein Konto zuzugreifen und zu spielen. Du weißt nicht, welche Software sich auf der dortigen Hardware befindet und ob für die Hardware im Café ein Hardwareverbot gilt, was sich negativ auf dein Konto auswirken kann. Ich würde vorschlagen, dass du nur mit deiner eigenen vertrauenswürdigen Hardware auf dein Konto zugreifst. Das Spielen auf der Hardware einer anderen Person birgt die gleichen Risiken wie oben. Ich würde auch empfehlen, anderen nicht zu erlauben, deine Hardware zum Spielen mit deinem Konto zu verwenden, denn wenn du während der Nutzung ein Hardware-Verbot für deine Hardware bekommst, kann sich das negativ auf dein Konto auswirken. Auch der Kauf gebrauchter Hardware birgt Risiken. Die Hardware hätte gesperrt werden können und dies ist kein EA-Problem, sondern ein Problem zwischen Käufer und Verkäufer. Spiele nett mit anderen, d. h. erniedrige, belästige oder schikaniere andere nicht im Chat oder über Sprachkommunikation. Beides kann gemeldet werden und das kann sich auch negativ auf dein Konto auswirken. Verwenden keine anstößigen Benutzer-/Gamer-Tags/Club-Tags. Wenn du eine Warnung bezüglich Benutzer-/Gamer-Tags/Club-Tags erhältst, ändere diese, da sich das sonst negativ auf dein Konto auswirken kann. Unfair spielen, Boosten und Teaming sind Betrug. Unfair zu spielen und Betrugssoftware oder -hardware zu verwenden, ist nicht fair und betrügt eigentlich nur sich selbst. Kaufe und verkaufe keine Konten. Weißt du wirklich, was mit dem Konto passiert ist? Welche Cyber-Informationen gibst du preis? Wie hoch ist das Risiko, dass das Konto bereits gesperrt ist? Welches Risiko besteht für deine Hardware und deine persönlichen Daten? Lese die Nutzungsbedingungen und die Verkaufsbedingungen, mit denen du zum Spielen dieses Spiels zugestimmt hast, noch einmal durch und halte dich daran. EA-Nutzervereinbarung und https://www.ea.com/de-de/legal/terms-of-sale Zu den Punkten 7, 8 und 9: Wenn mehrere Spieler oder die ganze Familie dieselbe Hardware nutzen und Vertrauen herrschen muss, sollte gemeinsam über die Regeln für die gemeinsame Nutzung der Hardware gesprochen werden. So wird sichergestellt, dass alle Spieler Spaß an der gemeinsamen Hardware haben und alle Konten sicher sind. Wenn du glaubst, gehackt worden zu sein, ergreife geeignete Maßnahmen, um dein Konto und das zugehörige E-Mail-Konto zu sichern: https://help.ea.com/de/articles/ea-account/secure-hacked-account/ Wenn du der Meinung bist, dass eine Sanktion (Sperrung/Sperrung) für dein Konto irrtümlich erfolgte, solltest du dich an das Terms of Services Team wenden: kontaktiere uns hier So kontaktierst du den EA-Support: https://help.ea.com/de/ Hoffentlich helfen diese Tipps dabei, dein Konto zu schützen, damit du weiterspielen kannst. Normalerweise findet man mich in den EA Apex-Foren auf Englisch und manchmal im Apex German (Deutsch)-Forum. Wenn du also Hilfe brauchst, poste im Apex Legends-Forum und tagge mich dort.Players/Parents, video game control is in your hands. Account Security 101:
Guest blogger Asmodeus566 is a member of the EA Community Superuser Program. First off, I would like to remind everyone that account security starts with the account holder. Keeping track of your account, what it is connected to, ensuring that it is up to date and that others do not access it, is the responsibility of the account owner. If others use your account and get a ban on it it is your fault not theirs and not EA's. Account Security/Safety 101: How to keep your account and hardware safe: Use strong passwords for you game accounts. Keep track of your game account information (ownership) and to what other accounts they are connected to. Use strong passwords for the associated e-mail account. Keep track of your e-mail accounts and what they are connected to. Keep your gaming accounts, associated e-mail accounts and passwords up to date, log in to them at least once a month so that they do not become disabled or de-activated. Do not use e-mail accounts that you cannot fully control, like those provided to you through, schools, universities, workplace and or other organizations etc. If the organization. revokes your e-mail or you leave the school, switch workplace etc and no longer have access to that e-mail, you will end up having issues you do not want or need. Do not share either of these passwords with others. Keep note of your passwords in a safe place. Enable two factor identification for both the game and associated e-mail accounts. Do not let others use your game account (friends and family alike) because if they do something wrong on your account it is still your fault. Nobody wants to have a sanction on their account because somebody else did or said something wrong. Do not use internet café’s to access your account to play. You do not know what software is on the hardware there. You do not know if the hardware at the cafe has a hardware ban. All of this can affect your account in a negative way. I would suggest only accessing your account with your own trusted hardware, gaming on another person’s hardware brings some of the same risks as above. I would also suggest not letting others use your hardware to play with their account, because if they get a hardware ban on your hardware while using it, it can have a negative effect on your account. Buying used hardware comes with risks as well. The hardware could have been banned, and this is not an EA problem, but a problem between the buyer and the seller. Play nice with others, in other words do not de-mean, harass or bully others in Chat or over voice coms, both can be reported and that can also have a negative effect on your account. Use non-offensive user/gamer tag/club tags, if you get a warning about user/gamer tag/club tags, change it, doing otherwise can lead to a negative effect on your account. Play fair, boosting and teaming are cheating. Play fair, using cheating software or hardware is not fair and is really only cheating yourself. Do not buy and or sell accounts. Do you really know what has been done with the account? What cyber information are you giving up? What risk is there that the account is already banned? What is the risk to your hardware and personal information? Re-read the Terms of Service agreement and the Terms of Sale agreement. You agreed to play this game and adhere to it. EA User Agreement and EA Terms of Sale About points 7, 8, and 9, where a number of players or the entire family are using the same hardware and there has to be trust there, talking together about the does and don’ts on the use of the shared hardware should be done. This will ensure that everyone can enjoy what they do on the shared hardware and everyone's account can be safe. If you believe you have been hacked take appropriate measures to secure your account and associated e-mail account: Secure a Hacked EA Account If you believe that a sanction (Suspension/Ban) placed on your account was by mistake you should reach out to the Terms of Service team: Information about locked/banned/suspended accounts Contacting EA help: EA Help Hopefully these tips will help keep your account safe so that you can keep on gaming. I can usually be found on the EA Apex forums in English and sometimes on the Apex German (Deutsch) Forum, So if you need some help, post on the Apex Legends forum and tag me. See Spoiler below for German (Deutsch) translation.EA Forums Online Security Newsletter - Volume 7
Welcome to another summer issue of our newsletter (for those in the Northern Hemisphere). Last month, we continued our series on phishing from a psychological perspective. This approach, which began two issues ago with a look at password creation, offers valuable insights into how bad actors operate. If you missed the previous issues, be sure to check them out - they’re definitely worth reading! EA Forums Online Security Newsletter - Volume 5 EA Forums Online Security Newsletter - Volume 6 This month, we focus on the important topic of reporting vulnerabilities in EA games and products. We recently published the Vulnerability Disclosure Hall of Fame, recognizing researchers who helped patch security issues in EA products or games during the past quarter. What is a security vulnerability, and how does it differ from cheating in a game? How can you report a security vulnerability in an EA game or service, and what information should you provide? You’ll find answers to these questions in the Security Focus section of the newsletter. As always, you can earn a unique forum badge by sharing your experiences in the newsletter comments or by taking the quiz. Stay safe! What is a Security Vulnerability? A security vulnerability is a weakness in a system that an attacker could exploit to cause harm, like stealing information or disrupting services. This is different from cheating in a game, which involves a player unfairly manipulating game rules for personal gain within the game itself, rather than exploiting a flaw in the underlying software. If I've found a Security Vulnerability, how do I report it? To report a security vulnerability in an EA game or service, you should fill out the Security Vulnerability Submission form on the EA Security Website. When submitting a report, include details such as the affected game or product, platform, version, time of discovery, what the vulnerability allows, steps to reproduce it, and any supporting evidence like screenshots or sample code. How does EA classify reported Vulnerabilities? EA classifies the severity of reported vulnerabilities using industry standards like the CVSS scoring system and a four-tier scale (Critical, Important, Moderate, Low), with the most severe issues requiring little or no user interaction to exploit. The impact of each vulnerability is further assessed using the STRIDE Security Model, and each report is carefully triaged and investigated by EA’s security team. Can I report cheating in-game through the Security Vulnerability Submission? Short answer - NO. Reporting cheating or account issues is handled separately from security vulnerabilities; cheating should be reported through in-game tools, and account security concerns should be addressed via EA’s account management resources. EA Coordinated Vulnerability Disclosure Hall of Fame What to do if you find a vulnerability in an EA game or product Report cheating, harassment, and illegal content Online Security Newsletter - Volume 7 Quiz
