EA Confronting Security Phishing Scam

by Matt Miller on Mar 19, 2014 at 11:38 AM

Update: We've received a comment from an official source at Electronic Arts, who both confirms the existence of the threat, and indicates that any future such attempts should not be possible.

“We have found it, we have isolated it, and we are making sure such attempts are no longer possible.  Privacy and security are of the utmost importance to us,” reads the comment from EA's spokesperson.

Original Story

Electronic Arts is said to be investigating the issue, in which an EA server is being altered to appear like an Apple login page. As seen in the image above, the webpage looks like the authentic Apple login screen, and a login attempt on the page is said to redirect users to the actual Apple site.

The vulnerability is discussed in greater detail by security firm Netcraft, which discovered the problem. The firm explains that the compromised server is normally used to host a WebCalendar application, and so it is unlikely that consumers would encounter the page, but that the issue remains unresolved for now. 

We have reached out to Electronic Arts for comment about this reported security issue, and will update with any additional info. 

[Source: Netcraft via The Verge]


Our Take
If the details from Netcraft are to be believed, this vulnerability has been present on EA’s servers for multiple days. As the compromised server is hosted within EA’s network, it's unknown if there are any broader implications for consumers.