The flaw exposed more than 300 million players on popular online games such as Battlefield, Madden NFL, NBA Live and FIFA, according to security researchers from Check Point and CyberIn.
"EA’s Origin platform is hugely popular, and if left unpatched, these flaws would have enabled hackers to hijack and exploit millions of users’ accounts," Oded Vanunu, head of products vulnerability research for Check Point, said in a statement Wednesday.
Security researchers found a vulnerability that could have easily allowed for account takeovers. 868"}’>EA had to step up its game after researchers found an EA Origin vulnerability that could have exposed millions of people to account takeovers.
CyberInt and Check Point’s researchers successfully requested to take over the inactive domain from Microsoft Azure and turned the page into a phishing trap.
The security researchers were able to take control of an EA subdomain, under the URL "eaplayinvite. ea. com," which was an inactive domain hosted on Microsoft’s Azure cloud service.
The security flaw would have allowed hackers to hijack people’s accounts without stealing their login or passwords.
"Protecting our players is our priority," Adrian Stone, EA’s director of game and platform security, said in a statement provided by the security researchers.
"As a result of the report from CyberInt and Check Point, we engaged our product security response process to remediate the reported issues".
As people become more aware of entering their passwords on suspicious websites, hackers have turned to stealing access tokens instead, which can be done in the background without any user participation.
The security flaw would have let hackers take over people’s account without needing to steal a login and password.https://t.co/snpM892VcN— CNET News (@CNETNews) June 26, 2019