Major security flaws were discovered on EA Origin, which forced the publisher to act quickly to correct them and avoid the risk to millions of users.
The leaks were detected by Check Point Research and CyberInt, who warned EA by pushing them to act quickly to plug the holes. There are no traces of the exploitation of these flaws, so no unauthorized access or data theft has been detected, with risks that seem to have remained confined to just a concept, but if someone had exploited these vulnerabilities practically the entire player base of the Electronic Arts client would have been defenseless in the face of attacks.
These flaws, apparently, were based on the exploitation of abandoned sub-domains by EA, in coordination with the use of authentication tokens used to connect to Origin, with the TRUST mechanisms that come into play with the login process. “These platforms are increasingly being targeted by hackers due to the huge amount of sensitive data of the users they own,” explained Oded Vanunu of Check Point, who suggests players to always use two-factor authentication for these accounts.
Check Point and CyberInt strongly advise users to enable two-factor authentication and only use the official website when downloading or purchasing games. Parents should create awareness among their children around the threat of online fraud, that cybercriminals will do anything to gain access to personal and financial details, which may be held as part of a gamer’s online account.
If you haven’t activated two-factor authentication, visit www.origin.com to do so.
Latest posts by Boris Bulj (see all)
- Destiny 2 for PC will be transferred to Steam starting 1st October - September 7, 2019
- Get up to 12 months of Nintendo Switch Online with Twitch Prime - September 5, 2019
- Overwatch announced for Nintendo Switch with October 15th Release! - September 5, 2019
Source (Check Point Research)