During one of my bi-weekly virus scans yesterday I found a virus had embedded itself in my EA Games file (I'm still going through my history to figure out from where as I haven't been to any sites I haven't been to before). Once I removed the offender, the first thing I did was go to my EA account and change the password. Later on, I realized that I hadn't updated my credit card info to account for the new expiration date on the card I have on record. Once this was done, I'd gone over to my email account and responded to an email I'd received eariler, and found 2 emails from EA that basically said "xxx has been changed". This struck me as strange that a company as large as EA wouldn't have some type of "confirmation required" email. If someone got hold of an account's password, they could change the email to whatever email they wanted to, then the notification would get sent to the new email and not the old. Whomever the account belonged to would never receive any kind of notification, and wouldn't know their account had been hacked until they actually tried to log in. If the security had the check in place that any changes to the email address had to be verified by clicking on a link on the OLD email address, with no changes to the account being accepted until this was done, it would go a long way toward the basic security that most people expect from secure sites. So how about it EA/Mythic? Can we get a little security with our security?