The Apex Legends Account Stealing Scandal Explained
An "Apex Legends" player reported that a supposed EA employee abused his access to repeatedly hijack and sell his and others' whale accounts as a side business. The player's case spread over social media as support representatives tried to solve the mystery surrounding hacker "Rebzya."
Redditor karankhushalani, also known as Zer0, posted a thread discussing abuse of power within EA. Zer0 met the hacker playing "Apex Legends" ranked on EU servers. Rebzya, the hacker in question, said they were impressed with Zer0's account asked to see more of it over Discord. Importantly, Zer0 identifies as an "Apex Legends" whale — a person who spends a significant amount of money and time on the game. As a result, their account has many impressive stats and items, which they detailed in a Reddit post.
Zer0 thought it would be a harmless favor to show in-game stuff like skins and heirlooms. However, after the Discord call, Zer0 found that their account had been hacked and that Rebzya blocked them. Though Zer0 easily recovered the account through EA support, the hacker reclaimed the account within the next hour.
Zer0 recounted the account recovery process in their post, noting that first EA support deactivated their account. Then, the hacker changed the email address and sent a link to change the password. Each time Zer0 attempted to secure the account by changing their credentials, Rebzya was able to change the email and steal the account back. Somehow, Rebzya bypassed the typical "email changed" and "2fa code" alerts needed to verify the user's account, and regained access in some other way.
In the middle of Zer0's third support request, Rebzya allegedly contacted them on Discord to brag about the stolen account. Rebzya then revealed, "EA support can't help you now. I work for EA."
We still don't know who Rebzya really is
Zer0 wrote that they didn't believe Rebzya's claims at first. However, even when they tried to add a different credit card, birthdate, and security question, Rebzya stole the account back in seconds. Other efforts, like checking electronic devices for malware, didn't help either.
Eventually, Zer0 asked EA support for help deactivating their account. EA representative XAR witnessed the hacker resetting the email as he was recovering it, and also banning the account for cheating and then unbanning it. After seeing the hacker at work, XAR said that he believed it was likely an employee abusing their access rather than a random hacker. The representative spoke with their supervisor and escalated the case to EA's special internal security team, which is now investigating both the stolen accounts and the Rebzya's identity.
XAR said that they would try to have more information later in the week. Unfortunately, Zer0's still appears to be hacked. One of their friends also allegedly had their account stolen and at least 10 other threads have reported Rebzya, too. Zer0 is currently encouraging other victims to DM them so that they can keep track of cases.
"Hopefully, now EA can't ignore this anymore," Zer0 wrote on Reddit. "I'm coming for my pred badges, Rebzya."