

Hackers have broken into an Electronic Arts games server and are using it to host a phishing site that steals Apple IDs, according to a report from security firm Netcraft.

The firm published the report some 10 hours ago and contacted EA Games to alert the company to the vulnerability.

Researchers at Netcraft suspect that the hack takes advantage of a known security flaw in an old version of WebCalendar.

“The mere presence of old software can often provide sufficient incentive for a hacker to target one system over another, and to spend more time looking for additional vulnerabilities or trying to probe deeper into the internal network,” writes a Netcraft spokesperson.


The official statement from EA spokesperson John Reseburg: “We have found it, we have isolated it, and we are making sure such attempts are no longer possible. Privacy and security are of the utmost importance to us.”

The phishing site works like this: When visitors go to one of the targeted sites at EA.com, a fake popup appears asking them to submit an Apple ID and password. Victims are then redirected to a second form and asked to verify their full name, card number, expiration date, verification code, date of birth, phone number, and other details that would be useful for committing fraud. After the users submit these details, the page redirects them to the Apple ID website.

Netcraft also reported that EA Games is currently being targeted in other phishing attacks to steal user data from its Origin game distribution service — at a time when it’s seeing higher activity after the release of the sci-fi shooter Titanfall.

This wouldn’t be the first time. In May, a fatal flaw in EA’s Origin service may have enabled hackers to remotely execute software on a target’s Mac or PC, according to Malta-based security researchers ReVuln.

Read the full security report here.
