One of the game maker’s servers is breached — allowing hackers to create a phony Apple log-in screen that prompts users for personal information. EA says it now has the situation under control.

March 19, 2014 4:21 PM PDT

The fake Apple log-in screen set up by hackers on one of EA’s Web pages.
(Credit: Netcraft)
Using some trickery, hackers were able to breach Electronic Arts’ Web site and transform one of its pages into a bogus Apple log-in screen. Once users logged on to the fake site, they were prompted to input their credit card numbers, date of birth, and other personal information.
Security firm Netcraft discovered the breach and notified EA on Tuesday.

The game maker told CNET that it investigated Netcraft’s claims and as of Wednesday the phishing page is gone.
“We have found it, we have isolated it, and we are making sure such attempts are no longer possible,” EA spokesman John Reseburg told CNET. “Privacy and security are of the utmost importance to us.”
According to Netcraft, the hackers created the fake Apple screen by accessing one of EA Games’ servers.

The server hosted an outdated calendar that had several vulnerabilities, and this was likely how the hackers got into the system to set up the phishing page.

“The phishing site attempts to trick a victim into submitting his Apple ID and password,” Netcraft wrote in a blog post. “It then presents a second form which asks the victim to verify his full name, card number, expiration date, verification code, date of birth, phone number, mother’s maiden name, plus other details that would be useful to a fraudster. After submitting these details, the victim is redirected to the legitimate Apple ID Web site.”
This isn’t the first time EA has been the victim of hackers. Years ago, a malicious attack on one of EA’s servers led to the inaccessibility of its online Scrabble game.

And in 2011, another of the company’s servers, which hosted its BioWare Neverwinter Nights forum, was breached and some customer information was stolen.
In this latest hack, it’s unclear if user data was stolen. However, according to Netcraft, it’s unlikely because the security firm added the phishing page to a blocking list that is provided to major Web browsers.
