EA Origins is one of many different platforms for distributing video games. It features titles such as the Dragon Age series, The Sims, and Battlefield. Unfortunately, the large userbase makes the platform a target for security breaches. EA patched the issue, though this flaw left as many as 300 million user accounts exposed to hijacking. Instead of gathering usernames and passwords, the exploit would have allowed hackers to break into accounts using Single Sign-On tokens. These access tokens function similarly to passwords, allowing players to access their accounts using generated codes. This isn't the first instance of such a vulnerability; Check Point discovered a similar issue in Fortnite earlier this year.
Instead of compromising user accounts using phishing techniques, many have turned to pilfering these access tokens. Rather than have people enter account information on a website, they'll gather tokens without input from the account owner. Malicious code is sufficient to take the information and squirrel it away for use by unknown parties. CTO and Bugcrowd founder Casey Ellis commented on the situation.
Cybersecurity researchers at CyberInt and Check Point took over the inactive Microsoft Azure URL eaplayinvite.ea.com. The researchers turned the innocuous domain into a phishing lure. Players were likely to trust the EA domain link in documentation. Code in the website allowed the researchers to steal access tokens meant for the EA servers and divert the information to the researchers. With the accounts now compromised, CyberInt and Check Point contacted EA in mid-February about the security flaw. EA declared it fixed the issue within the span of three weeks.
Director of Game and Platform Security Adrian Stone gave a statement to CNET regarding the issue:
Quick Take
Always, always, always use options like 2-Factor Authentication if it's available. I've learned this the hard way. Usernames and passwords are not sufficient these days to protect your accounts.
Jackson Wery
Staff Writer
My mood is being able to say "I'm very tired" in as many languages as possible. I play a lot of tabletop RPGs and sometimes I'll play a video game. Talk with me about survival horror.