latest updates from easySERVICE™
Security company Netcraft discovered two EA Games phishing operations, netting Apple ID and EA Origin passwords and payment information. EA has patched the vuln allowing Apple ID password phishing.
If you’ve been prompted to enter your Apple ID login, payment and security credentials via an EA Games subdomain recently, change your passwords immediately.
Same goes if you’ve logged in at an EA Origin subdomain within the past week: change your passwords and connected accounts ASAP.
Security auditor Netcraft announced yesterday it has discovered a slick Apple ID phishing scam running smoothly on an EA server, and a second phishing scam posing as an EA Origin login page. EA Origin is a popular games platform with an estimated 9.3 million users.
EA told press it patched the vulnerability later that night — but did not comment on the second compromise posing as an Origin site, also discovered by Netcraft and reported to be still in operation.
About the Apple phishing compromise EA told BBC last night, “We found it, we have isolated it, and we are making sure such attempts are no longer possible.”
Netcraft said EA’s server compromise could have been avoided with security updates on a known issue with EA’s 2008 version of WebCalendar 1.2.0. which was running on the server.
Netcraft said, “It is likely that one of these vulnerabilities was used to compromise the server, as the phishing content is located in the same directory as the WebCalendar application.”
It is unknown how long the phishing operation had been running, or how many Apple accounts were compromised.
Netcraft’s blog post also explained its second discovery of a still-running phishing operation on an EA Origin subdomain spoof — and said it has been running for at least a week.
Users were presented with an Apple ID login screen on an ea.com subdomain, then directed to enter their full name, credit card number, expiration date, and verification code — plus date of birth, their phone number, mother’s maiden name and other security details (likely the three security questions required to set up and verify an Apple ID).
After giving the malicious intruders all their Apple security information, users were directed seamlessly onward to the real Apple ID site.
Anyone who has re-entered Apple ID login and security questions for the past week should change their Apple ID passwords and security information immediately, and the passwords of any connected accounts.
Source: Associated Press