Accounts of these gamers may have been ‘hacked’
You don’t often hear about breaches, hacks and vulnerabilities in gaming consoles and services as much as you do for smartphones and other mobile devices. But a new report may make you believe that when you do hear about it, it’s big. According to Check Point Research, a cyber security firm, along with CyberInt there are several vulnerabilities found in the Origin gaming service that belongs to one of the biggest video game makers, Electronic Arts (EA). It has been added that if these vulnerabilities are exploited, it may let hackers take control of the player’s Origin account and may lead to identity theft.
Check Point researchers have already disclosed the vulnerability to Electronic Arts.Read more ↓
“Protecting our players is our priority,” said senior director, game and platform security at Electronic Arts, Adrian Stone.”As a result of the report from CyberInt and Check Point, we engaged our product security response process to remediate the reported issues. Working together under the tenet of Coordinated Vulnerability Disclosure strengthens our relationships with the wider cybersecurity community and is a key part of ensuring our players stay secure.”
It has been explained that the vulnerability exploited the abandoned sub-domains and EA Games’ authentication tokens along with the OAuth Single Sign-On (SSO) and TRUST mechanism of the log process.
“EA’s Origin platform is hugely popular; and if left unpatched, these flaws would have enabled hackers to hijack and exploit millions of users’ accounts,” said head of products vulnerability research for Check Point, Oded Vanunu. “Along with the vulnerabilities we recently found in the platforms used by Epic Games for Fortnite, this shows how susceptible online and cloud applications are to attacks and breaches. These platforms are being increasingly targeted by hackers because of huge amounts of sensitive customer data they hold.”
For now, Origin account holders can bank on the two-factor authentication security layer and use the official website when downloading and purchasing titles.