Missed the GamesBeat Summit excitement? Don't worry! Tune in now to catch all of the live and virtual sessions here.

Hackers have broken into an Electronic Arts games server and are using it to host a phishing site that steals Apple IDs, according to a report from security firm Netcraft.

The firm published the report some 10 hours ago and contacted EA Games to alert the company to the vulnerability.

Researchers at Netcraft suspect that the hack takes advantage of a known security flaw in an old version of WebCalendar.

“The mere presence of old software can often provide sufficient incentive for a hacker to target one system over another, and to spend more time looking for additional vulnerabilities or trying to probe deeper into the internal network,” writes a Netcraft spokesperson.


Transform 2023

Join us in San Francisco on July 11-12, where top executives will share how they have integrated and optimized AI investments for success and avoided common pitfalls.


Register Now

The official statement from EA spokesperson John Reseburg: “We have found it, we have isolated it, and we are making sure such attempts are no longer possible. Privacy and security are of the utmost importance to us.”

The phishing site works like this: When visitors go to one of the targeted sites at EA.com, a fake popup appears asking them to submit an Apple ID and password. Victims are then redirected to a second form and asked to verify their full name, card number, expiration date, verification code, date of birth, phone number, and other details that would be useful to commit fraud. After the users submit these details, the page redirects them to the Apple ID website.

Netcraft also reported that EA Games is currently being targeted in other phishing attacks to steal user data from its Origin game distribution service — at a time when it’s seeing higher activity after the release of the sci-fi shooter Titanfall.

This wouldn’t be the first time. In May, a fatal flaw in EA’s Origin service may have enabled hackers to remotely execute software on a target’s Mac or PC, according to Malta-based security researchers ReVuln.

Read the full security report here.

GamesBeat's creed when covering the game industry is "where passion meets business." What does this mean? We want to tell you how the news matters to you -- not just as a decision-maker at a game studio, but also as a fan of games. Whether you read our articles, listen to our podcasts, or watch our videos, GamesBeat will help you learn about the industry and enjoy engaging with it. Discover our Briefings.