According to report, Cyber security researchers have found the security flaws in EA Games’ login process which could allow the hacker to access EA gamers’ account as well as steal their sensitive data. Researchers noticed and pointed out over 300 million players are at risk; stolen gaming confidential & credentials is valuable commodity in the Cybercrime underground.
This flaw affects the “Origin” digital distribution platform developed by Electronic Arts which allows the EA Gamers to purchase and play some of the most popular video games. Moreover, it also works as communication platform for users. It allows the gamers to access the various games through this platform including Apex Legends, BattleField, FIFA and others.
Expert explains that the Cybercriminals happening due to unpatched weakness in Microsoft’s Azure cloud service
Security experts detected the problem behind this attack and states that the proof-of-concept that leverage a well-known unpatched weakness in Azure cloud service of Microsoft, which allows the hacker to access EA sub-domain which was hosting by Origin’s services. On other hand, when DNS of domain or sub-domain is pointing to Azure cloud service, but has not been configured to active Azure account, any other Azure user can hijack it.
The series of flaw discovered by experts exploits EA Games’ use authentication tokens in combination of oAuth Single Sign-On (SSO) and trust authentication techniques. Experts also noticed that the Cyber hacker would be able to hijack gamers’ session resulting compromising and at worst complete account take over, steal your credentials and share it on public. However, they use fraudulently by in-game currency to steal gamers’ money from their wallet by accessing their credit card details. Let’s take have a look at statement of security experts on the matter.
Threat Actor make money by using Phishing Attack
Due to security flaws in EA Games’ login process, Cyber hacker is capable to access over 300 million of EA gamers’ account and exchange their login credential to unknown users. In fact, cyber criminals use phishing attack, social engineering attack to steal credential from victims. Origin’s own commutation platform or other chat application is used by hacker as tricks to gather users’ credentials into clicking the link. Fortunately, EA was quick to patch the flaw. Let’s take have a look at statement of Adrian Stone (Senior Director for game & platform security at EA).
“As a result of the report from CyberInt and Check Point, we engaged our product security response process to remediate the reported issues,”
Exploitation of flaw require knowledgeable hacker
A mixture of lucrative market and those gamers who are looking to unlock easy mode on their playtime will continue to fuel the flames and gamers and their parents if under certain ages should be aware that they are targets. Since, it requires a knowledgeable hacker to exploit EA Games security flaw. There is lots of experienced hacker who have tested phishing techniques to gain access to EA gamers’ account. Anyway, we are researching on the matter very deeply and we will defiantly post an update if it will come in future. For any suggestions or queries, please write on comment box given below