EA web server hacked as part of Apple phishing scheme



Electronic Arts website was breached this week, as attackers aimed to use the site as a landing page for a phishing scheme to capture Apple log-in credentials. The breach, identified by security research giants Netcraft, prompted users to enter their personal details onto a fake Apple log-in screen. Personal details requested included their name, address, date of birth and even credit card information.

EA were informed of the breach on Tuesday and confirmed the breach, removing the page from its site on Wednesday. The gaming giants made a statement to inform users that the breach has been identified, isolated and removed. It was also stated that mitigations have been put in place to prevent a repeat of this occurring again. EA state that privacy and security of its users are paramount to them.

The vulnerability exploited by attackers, according to Netcraft, was present on an out of date calendar application hosted on EA’s web server. The hackers exploited this vulnerability and were able to create, and alter, web pages on the EA public web page. The hackers then created a page with a similar look to the Apple ID log in page with fields requesting personal data, including username and password. Once confirmed, the user is then directed to a second page that requests the user to enter all kinds of personal information such as full name, date of birth, mother’s maiden name and all details regarding their credit card information. Once sent, the user is then redirected to the legitimate Apple website.

This breach allows attackers to harvest mass amounts of user’s personal data and credit card information. EA have not released a statement to verify exactly how much personal data may have been extracted, however, according to Netcraft, it is quite unlikely that much would have been stolen due to the phishing page being added to the blocking list of major web browsers.

This is not the first time EA have been involved in a serious breach of data. Several years ago, security researchers discovered a severe denial of service attack against the servers to prevent users accessing their Scrabble game online. In 2011, attacks against EA’s servers resulted in customer information being stolen from the Bio Ware Never winter night’s forum online.

About Lee Hazell

Lee Hazell is a cyber security consultant with a keen interest in anything tech or security related. Follow Lee on .

Leave a Reply

Your email address will not be published. Required fields are marked *