The phishing site attempts to trick a victim into submitting his Apple ID and password. It then presents a second form which asks the victim to verify his full name, card number, expiration date, verification code, date of birth, phone number, mother's maiden name, plus other details that would be useful to a fraudster. After submitting these details, the victim is redirected to the legitimate Apple ID website at https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/
The compromised server is hosted within EA's own network, the security firm added. The hacker has managed to install and execute arbitrary PHP scripts on the EA server, so it is likely that he can at least also view the contents of the calendar and some of the source code and other data present on the server.
Netcraft also reported that EA Games was also the target of phishing attacks which try to steal credentials from users of its Origin digital distribution platform.
EA's Origin servers also came under attack earlier this year, causing connectivity and login problems in various EA games.
EA has not provided any comment yet.
Update:EA says that its hacked server has now been fixed.