Connect with top gaming leaders in Los Angeles at GamesBeat Summit 2023 this May 22-23. Register here.
Hackers have broken into an Electronic Arts games server and are using it to host a phishing site that steals Apple IDs, according to a report from security firm Netcraft.
The firm published the report some 10 hours ago and contacted EA Games to alert the company to the vulnerability.
Researchers at Netcraft suspect that the hack takes advantage of a known security flaw in an old version of WebCalendar.
“The mere presence of old software can often provide sufficient incentive for a hacker to target one system over another, and to spend more time looking for additional vulnerabilities or trying to probe deeper into the internal network,” writes a Netcraft spokesperson.
GamesBeat Summit 2023
Join the GamesBeat community in Los Angeles this May 22-23. You’ll hear from the brightest minds within the gaming industry to share their updates on the latest developments.
The official statement from EA spokesperson John Reseburg: “We have found it, we have isolated it, and we are making sure such attempts are no longer possible. Privacy and security are of the utmost importance to us.”
The phishing site works like this: When visitors go to one of the targeted sites at EA.com, a fake popup appears asking them to submit an Apple ID and password. Victims are then redirected to a second form and asked to verify their full name, card number, expiration date, verification code, date of birth, phone number, and other details that would be useful to commit fraud. After the users submit these details, the page redirects them to the Apple ID website.
Netcraft also reported that EA Games is currently being targeted in other phishing attacks to steal user data from its Origin game distribution service — at a time when it’s seeing higher activity after the release of the sci-fi shooter Titanfall.
This wouldn’t be the first time. In May, a fatal flaw in EA’s Origin service may have enabled hackers to remotely execute software on a target’s Mac or PC, according to Malta-based security researchers ReVuln.
Read the full security report here.
GamesBeat's creed when covering the game industry is "where passion meets business." What does this mean? We want to tell you how the news matters to you -- not just as a decision-maker at a game studio, but also as a fan of games. Whether you read our articles, listen to our podcasts, or watch our videos, GamesBeat will help you learn about the industry and enjoy engaging with it. Discover our Briefings.