|Last 7 Days News :
Wednesday, March 19, 2014
EA Games Server Compromised
Security firm Netcraft has detailed an attack against one of EA's servers, which has benn compromised so it can host phishing attacks that target Apple IDs.
The compromised server is used by two websites in the ea.com domain, and is ordinarily used to host a calendar based on WebCalendar 1.2.0 a 2008 version that contains several security vulnerabilities, according to Netcraft.
The phishing site attempts to trick a victim into submitting his Apple ID and password. It then presents a second form which asks the victim to verify his full name, card number, expiration date, verification code, date of birth, phone number, mother's maiden name, plus other details that would be useful to a fraudster. After submitting these details, the victim is redirected to the legitimate Apple ID website at https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/
The compromised server is hosted within EA's own network, the security firm added. The hacker has managed to install and execute arbitrary PHP scripts on the EA server, so it is likely that he can at least also view the contents of the calendar and some of the source code and other data present on the server.
Netcraft also reported that EA Games was also the target of phishing attacks which try to steal credentials from users of its Origin digital distribution platform.
EA's Origin servers also came under attack earlier this year, causing connectivity and login problems in various EA games.
EA has not provided any comment yet.
Update:EA says that its hacked server has now been fixed.