A security firm discovered a security vulnerability at Electronic Arts. Hackers could have gained access to 300 million gamer accounts through the Origin platform to do malicious things. This affects games like Anthem, FIFA 19, Battlefield 5, or The Sims. EA is said to have closed the gap.
Where does this information come from? It comes from security experts, Check Point Research (Via research.checkpoint). They collaborated with CyberInt in this case.
They pretend to be hackers themselves, looking for vulnerabilities in the major infrastructures at companies. They penetrate systems and see how far hackers could get if they were serious and what resistance they would encounter.
They say: Due to a security vulnerability at Origin, attackers could hack millions of accounts. The villains would then have been able to access credit card information and make fraudulent purchases.
Through Origin, up to 300 million gamers use numerous online games from EA like FIFA 19, Madden NFL, NBA Live, Anthem, or The Sims.
This kind of vulnerability theoretically affects many people worldwide.
Similar vulnerabilities in the launcher have been found before – also in Blizzard’s Battle.Net.
This is how EA reacted: According to Check Point Research, they informed Electronic Arts about this vulnerability before making it public and helped EA close the security gaps.
How did the hack work? The vulnerability worked similarly to Fortnite, where Check Point Research uncovered a similar vulnerability.
The testers noticed that certain retired services at EA still exist that are no longer used but still function. Thus, they could take over the subdomain “eaplayinvite” and then see requests from “real users”.
From this foothold, the team began dismantling EA’s security measures and pushing further into the system.
Ultimately, they were able to redirect “real EA players” to fake websites and thus could have harvested the data.
