EA needed to fix its game after researchers discovered an EA Origin vulnerability that could have exposed hundreds of thousands of gamers to account takeovers. The flaw exposed over 300 million gamers on popular online video games like Battlefield, Madden NFL, NBA Live, and FIFA.
“EA’s Origin program is massively popular, and if left unpatched, these defects would have allowed hackers to hijack and exploit thousands of gamers’ accounts,” Oded Vanunu, head of products vulnerability analysis for Check Point, stated in a press release Wednesday.
The security flaw would have allowed hackers to hijack users’ accounts without stealing their logins or passwords. That’s because it would steal a Single Sign-On token instead, which could give hackers full control. Access tokens are an authentication method just like passwords: codes generated by providers to keep users logged in.
They’re harder to steal than passwords, but stealing them is still doable, as a similar vulnerability with Fortnite and Facebook demonstrated. As people become more cautious about entering their passwords on dubious websites, hackers have shifted to stealing access tokens instead, which can be done in the background without any user interaction.
The security researchers were able to take control of an EA subdomain, under the URL “eaplayinvite.ea.com,” which was an inactive domain hosted on Microsoft’s Azure cloud service. CyberInt and Check Point’s researchers successfully requested to take over the idle domain from Microsoft Azure and turned the web page into a phishing trap.
They could send the malicious web page to gamers, and because it was on an EA domain, victims would be more likely to trust the link, researchers stated. The hijacked web page contained code that could take access tokens meant for EA and direct them to the researchers instead.
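
A defender-side check for the inactive-subdomain condition described above, as an added example that is not from the original article or from the researchers: it scans a DNS zone export for CNAME records that point at Azure-hosted names which no longer resolve. The CNAME mechanism, the suffix list, the example.com records and the function names are assumptions chosen for illustration.

```python
import socket

# Azure service domains a CNAME may point at (illustrative, not exhaustive).
AZURE_SUFFIXES = (
    ".azurewebsites.net", ".cloudapp.net", ".cloudapp.azure.com",
    ".trafficmanager.net", ".blob.core.windows.net", ".azureedge.net",
)

def parse_cnames(zone_text):
    """Yield (name, target) for each CNAME line in a BIND-style zone export."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, then tokenize
        if "CNAME" in fields:
            idx = fields.index("CNAME")
            if idx >= 1 and idx + 1 < len(fields):
                yield (fields[0].rstrip(".").lower(),
                       fields[idx + 1].rstrip(".").lower())

def system_resolves(hostname):
    """True if the local resolver returns any address for hostname."""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False

def find_dangling(zone_text, resolves=system_resolves):
    """Return CNAMEs whose Azure-hosted target no longer resolves.

    `resolves` is injectable so the check can be exercised offline.
    """
    return [
        (name, target)
        for name, target in parse_cnames(zone_text)
        if target.endswith(AZURE_SUFFIXES) and not resolves(target)
    ]

# Constructed sample records; none of these are real EA or customer data.
SAMPLE_ZONE = """\
; constructed sample zone for example.com
www.example.com.     3600 IN CNAME example-prod.azurewebsites.net.
invite.example.com.  3600 IN CNAME example-invite.cloudapp.net. ; retired campaign
mail.example.com.    3600 IN CNAME mailhost.example.org.
"""

if __name__ == "__main__":
    live = {"example-prod.azurewebsites.net"}  # simulated resolver state
    for name, target in find_dangling(SAMPLE_ZONE, resolves=lambda h: h in live):
        print(f"DANGLING: {name} -> {target} (remove record or reclaim resource)")
```

A target that fails to resolve is a triage signal for removing the record; a target that does resolve should still be confirmed as a resource in your own cloud account.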