Is there any actual evidence that this was done via an EAC exploit?

These could be two spear phished players with hacked PCs. (2 of the best and biggest audiences making them ideal targets). People have also mentioned r5 potentially being a culprit.

If this was eac related or even a bigger client side hack (RCE), you’d think it’d be more wide spread.

I wish the reporting on this was better all around. At this point I’ve seen no actual evidence of anything supporting RCE or that it was EAC to blame.