The bug that was affecting EA’s Origin online gaming and digital distribution platform has been fixed. It was originally discovered on October 1, and if exploited, it allowed a hacker to gain access to account data.
The bug occurs only when you use the EA Origin client and request to edit your account on EA.com: the EA Origin client then releases an auto-login URL that includes your token credentials, so it basically leaks your active username and password.
Auto-login URLs are very common these days and are used by many desktop and web-based applications. They are also very secure because they are tied to the user’s IP address or to cookie files already registered in the user’s name.
The problem is that the EA Origin auto-login URL had none of these protections implemented. Once issued, the auto-login URL worked regardless of IP address or browser. This means that if you’re on an unsecured network or WiFi hotspot, such as at a cafe or hotel, someone can easily grab these auto-login URLs and log in as the end user who requested them.
The problem doesn’t end there: the auto-login URLs can also be collected by IoT malware and botnets that have infected home routers, allowing hackers to gather a huge amount of EA account data.
By exploiting this cybersecurity problem, a hacker can gain access to the account’s settings panel, the player’s real name, the last four digits of their credit card, the last digits of their phone number, order history, and more.
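The binding described above, sketched from the server's side as an added example (this is not EA's code): an auto-login token that is single use, short-lived, and tied to the IP address and session cookie it was issued to. The function names, the 60-second lifetime and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret
TTL_SECONDS = 60                      # assumption: short validity window
_pending = {}                         # token -> (account, binding MAC, expiry)


def _bind(token, client_ip, session_cookie):
    """MAC over the context the token was issued to (raw cookie is not stored)."""
    msg = "\x00".join((token, client_ip, session_cookie)).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()


def issue_token(account, client_ip, session_cookie, now=None):
    """Create the token placed in an auto-login URL for this client only."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    _pending[token] = (account, _bind(token, client_ip, session_cookie),
                       now + TTL_SECONDS)
    return token


def redeem_token(token, client_ip, session_cookie, now=None):
    """Return the account name on success, None on any failure."""
    now = time.time() if now is None else now
    # pop() makes the token single use: a replayed URL finds nothing, and a
    # failed attempt also burns it (fail closed; the user must request a new one).
    entry = _pending.pop(token, None)
    if entry is None:
        return None
    account, expected, expiry = entry
    if now > expiry:
        return None
    presented = _bind(token, client_ip, session_cookie)
    return account if hmac.compare_digest(presented, expected) else None
```

On a shared hotspot every client usually appears behind the same public IP address, so the IP check alone would not stop a nearby eavesdropper; the session-cookie binding, single use and short lifetime are what make a captured URL useless.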
Remember, everything can be hacked. To stay away from threats related to the cyber world, we recommend installing an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.
Researchers warn that hackers can see this bug as a treasure if they attend gaming conventions or competitions, where people are most likely to use an unsecured WiFi network together with the EA Origin client and its auto-login feature.
Earlier this month, an EA spokesperson confirmed that fixes would be rolled out later this month and that the company had not seen evidence of any unauthorized users having accessed subscribers’ data.
Now the same spokesperson has confirmed that EA has fixed the bug.
Keep in mind that our modern society is dependent on computers, mobile devices, and the use of the internet. Always stay safe and secure.
We will continue to monitor the cybersecurity world. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; these tests include penetration testing and ethical hacking.