Comment by jerf
If someone was out to maximize chaos and not just make money, this is in all seriousness in the class of problems that someone intelligent could have used to all but destroy EA. You don't offer an API with targeted usage, and you sure don't ban everyone.
There's lots of fun ideas you can go for here, but just as one, suppose I spend a month banning accounts that haven't played much, but more than zero. Then go quiet for a couple of weeks. EA frontline support notices but if you play your cards right they don't put the pieces together and nobody is quite roused to investigate. Then you start up again, somewhat faster, spend a couple of days banning a good chunk of medium sized accounts. Then maybe at the end you ban the biggest accounts as quickly as you can.
Now the bannings are news. EA's PR is probably completely blown out by the crisis and starts saying contradictory things. (My guess is that initially they end up backing their right to ban people and releasing statements to the effect of how right they probably are; this is, in the end, a huge mistake on their part.) Gamers can be reliably expected to start a ton of rumors, take them in the worst way possible, and antagonize EA, and EA is pretty likely to make at least one class-A error in being antagonistic back. (The hackers could even supply some of the rumors and some bots to get them going, though I doubt it'll be necessary. The gamer community is pretty well primed to turn on EA.) A ton of people who are curious but figure this can't be affecting them because they hardly use the service log in and discover they've been banned despite not having done anything on EA in six months. The fire rises as they post to reddit and hundreds of people chime in with "WTF, me too!", even if it's only a small percentage of the total people who check.
Several days later, EA puts all the pieces together confidently enough to be sure that they can announce it's a hack. They're right. Nobody cares. Half of the gamer community doesn't even believe their defense.
It's hard to guess what the upper bound of damage is on this scenario.
I think you are right, banning would cause too many issues and be loud.
I think the real quiet $ maker would be stealing usernames instead.
Like if you wanted the EA gametag of jerf but someone else had it, you could steal it using OPs method if it was still unpatched. A pay service for this would be viable in low volume and on the EA side it would just look like the user did it.
The seller of service would have to implement some kind of checks to make sure for example they weren't stealing the username of a top streamer or etc which would bring heat.