Hacked EA Games Server Goes Phishing For Apple Account Info


Internet security company Netcraft says hackers have compromised an EA Games server and are using it to phish for Apple login information.

Netcraft, an internet security firm offering anti-fraud, anti-phishing, application testing and other services, posted a report today claiming that a server used by two websites in the EA.com domain has been compromised by hackers and is now hosting a phishing site targeting Apple accounts. The site normally hosts a calendar based on an old version of WebCalendar that is known to contain several security holes, which is likely how the hackers were able to get in.

"The phishing site attempts to trick a victim into submitting his Apple ID and password. It then presents a second form which asks the victim to verify his full name, card number, expiration date, verification code, date of birth, phone number, mother's maiden name, plus other details that would be useful to a fraudster," the Netcraft website states. "After submitting these details, the victim is redirected to the legitimate Apple ID website."

Netcraft said "internet-visible servers" like this are often used as stepping stones to get at internal servers not visible to the net that typically contain more valuable information, although it added that there's no evidence to suggest this has happened. It also noted that "the mere presence of old software" can lead hackers to push deeper into an internal network in search of other soft spots and points of access.

"In this case, the hacker has managed to install and execute arbitrary PHP scripts on the EA server, so it is likely that he can at least also view the contents of the calendar and some of the source code and other data present on the server," it explained.

Netcraft said it informed EA of the breach yesterday [March 18] but at the time of its report, the vulnerable server and the phishing software both remained online.

Source: Netcraft


Despite the chance of starting a flame war, whoever has both an EA and Apple account and falls for a trick like this had it coming.

Seems like they'd want to use the ea.com domain to phish for Origin credentials instead. Like whoever did using weebly.com (as discussed in the Netcraft article).

But, whatever, I suppose...

Surely EA will get this blatant security violation zipped up in no time and that'll be the last we hear of it.

...

HA!

Wait...what? Why would this work? Unless of course your Apple and EA logins were the same. Why would you use EA sites to phish for Apple credentials? Why not...I don't know...use a fake Apple site?

Micalas:
Why not...I don't know...use a fake Apple site?

Because hijacking a legit EA site > registering a fake Apple site?

Could have something to do with tracing the owner. Then again, those phished credentials have to be sent somewhere...

I'm just waiting for EA to deny this is even happening. That is their SOP, after all. And it's always funny. :)

MinionJoe:

Micalas:
Why not...I don't know...use a fake Apple site?

Because hijacking a legit EA site > registering a fake Apple site?

Could have something to do with tracing the owner. Then again, those phished credentials have to be sent somewhere...

I'm just waiting for EA to deny this is even happening. That is their SOP, after all. And it's always funny. :)

EA Public Relations: It would be physically impossible to turn off the server as most of the server data is processed in the server. The server is essentially the server.

or something like that.

Tried to remember their reasoning why SimCity 2013 was unable to play offline.

Though it is both EA's and whoever actually falls for the phisher site's fault.

EA's because evidently no one knows how to update anything, people that fall for it because they don't think it is weird that a site is asking for all that information.

Unless Apple actually does ask for all that information [I'm not a Hipster, so I don't use Apple products], if that is the case, it becomes hilarious.

Straight comical if they use the same passwords for everything.

Oh no! All two of the people who visit EA's website are going to have their information stolen!

They clearly did this themselves to ensure a third win for Worst Company in America! I guess in their mind, any contest they can win is good enough. ;)

 
