EA patched flaws in its Origin platform that could have enabled hackers to hijack and exploit millions of users' accounts. The vulnerabilities were spotted by Check Point Research and CyberInt, and once exploited, they could have allowed player account takeover and identity theft. The cybersecurity companies alerted EA, which was quick to take action.
The vulnerabilities took advantage of abandoned subdomains, EA Games' use of authentication tokens and single sign-on and TRUST mechanisms built into the user login process. Had an attack been carried out, it could have been devastating, given that EA is the world's second largest gaming company and millions of user accounts would have been at risk.
The vulnerabilities are a reminder of how susceptible online and cloud platforms are to breaches. "These platforms are being increasingly targeted by hackers because of [the] huge amounts of sensitive customer data they hold," said Check Point's Oded Vanunu. Check Point and CyberInt advise gamers to enable two-factor authentication and only use official websites to download or purchase games. The companies also caution that parents should warn children about the threat of online fraud.