Researchers identify security vulnerabilities in EA's Origin gaming client

EA Origin had a vulnerability that left 300 million players potentially exposed

EA Origin had a vulnerability that left 300 million players potentially exposed

According to a detailed technical analysis of the discovery published by Check Point, "the vulnerabilities did not require users to hand over any login details whatsoever".

Researchers from Check Point and CyberInt informed EA that if the vulnerability isn't patched, it would enable hackers to "hijack and exploit" the accounts of million.

Major security flaws were discovered on EA Origin, which forced the publisher to act quickly to correct them and avoid the risk to millions of users.

"We had the vulnerabilities under control so no other party could have exploited them during the period it took EA to fix", Alexander Peleg, CyberInt's head of cyber operations, said in an email. "Along with the vulnerabilities we recently found in the platforms used by Epic Games for Fortnite, this shows how susceptible online and cloud applications are to attacks and breaches".

EA Games, with more than 300 million users and revenues in the region of $5 billion, is the world's second largest gaming company, with titles such as FIFA, The Sims, Battlefield, Command and Conquer, and Medal of Honor in its portfolio.

'Protecting our players is our priority, claims Adrian Stone, senior director for game and platform security at Electronic Arts, of the vulnerability report.

Rex Tillerson Says Jared Kushner Conducted Foreign Policy Without Him
Toward the end of the interview, a committee member asked Tillerson if he could describe Trump's value system to the panel. Kushner promised Tillerson he would "try to do better", but ultimately remained "in charge of his own agenda".

The issues were found by researchers from Check Point Research and CyberInt-two cybersecurity companies headquartered in Israel-and swiftly reported to the video game goliath.

The vulnerabilities themselves were surprisingly basic: Check Point was able to use EA's own authentication token system in conjunction with subdomains the company has long-abandoned to subvert the service's sign-on system - meaning that accounts could be taken over, providing full access to the account itself and all personally identifiable information (PII) stored therein.

Itay Yanovski, co-founder of CyberInt, added: "Gaming goods are traded in official and unofficial marketplaces in the darknet, which makes attacks against gaming studios very lucrative". But a new report may make you believe that when you do hear about it, it's big.

The two cybersecurity firms also advised Origin users to activate two-factor authentication and only use official websites when purchasing or downloading games.

In addition, they say that parents need to create awareness among their children around the threat of online fraud, because threat actors will go to any lengths to gain access to personal and financial details, which may be held as part of a gamer's online account.

From that point onward, the researchers could send links from the domain to victims of their choice, and they were more likely to click on them, especially since it was being sent from an "affiliated" link.

Recommended News

  • Dr Disrespect Twitch Channel Unbanned

    Dr Disrespect Twitch Channel Unbanned

    The viewers subscribed, gifted subscriptions to other viewers, and went insane in the chat to celebrate the channel's return. The streamer was banned from the platform during E3 two weeks ago, after broadcasting live from a bathroom to his channel.
    Target and eBay will challenge Amazon's Prime Day this year

    Target and eBay will challenge Amazon's Prime Day this year

    On July 10, Amazon Music is set to host a Prime Day Concert which will be live-streamed exclusively to Prime members. Last year Black Friday sales totaled about $717 billion compared to Amazon's Prime's estimated $4 billion in sales.
    Hunt takes aim at PM rival Johnson's 'do or die' Brexit pledge

    Hunt takes aim at PM rival Johnson's 'do or die' Brexit pledge

    The BBC host then interrupted to say that the Brexit date had been extended due to "Tory incompetence". This however, is not applicable to the UK-EU relationship.
  • Fort Hood solider killed in Afghanistan

    Fort Hood solider killed in Afghanistan

    Johnston", he said in a statement . "I think this drives home the need for us to be successful, right". Another soldier killed, although stationed at Fort Carson was a 2009 graduate of Killeen High School.
    Liverpool agree to sign Dutch defender Sepp van den Berg

    Liverpool agree to sign Dutch defender Sepp van den Berg

    When asked how he felt when Liverpool's interest was first made clear, he said: "I couldn't believe it, I thought it was a joke". Bayern Munich and Ajax were also reportedly interested in signing Van den Berg , who has opted for a move to Anfield instead.
    Cars Stuck on Muddy Road Thanks to Disastrous Google Maps Detour

    Cars Stuck on Muddy Road Thanks to Disastrous Google Maps Detour

    Drivers travelling to Denver Airport end up in a sticky situation, after a Google Maps fail took them into a muddy field. Since October, Google Maps has been analyzing reports from Google Maps users during the 6 a.m.to 10 a.m. commute time.
  • Heyman and Bischoff fill new WWE executive creative roles under Vince McMahon

    Heyman and Bischoff fill new WWE executive creative roles under Vince McMahon

    With Bischoff in charge, WCW's Nitro even defeated McMahon's Monday Night Raw in the television ratings for 83 consecutive weeks. Bischoff will be working closely with Fox officials as the blue brand prepares to premiere on Fox Friday nights in October.
    Woman Gives Birth At Pink Concert, Names Baby After Her

    Woman Gives Birth At Pink Concert, Names Baby After Her

    Jones named the baby Dolly Pink . "But I couldn't be any happier right now!" And to that, we say raise your glass to the new mum! So how did this " Beautiful Trauma " even happen? Stadium paramedics delivered the baby in the stadium's first aid room.

    CDC panel recommends HPV vaccine for men up to age 26

    The vaccine is approved for people up to age 45, but the same panel declined a proposal to recommend it for people older than 26. Countries with multi-cohort vaccination and high HPV vaccine coverage saw greater and faster impacts, along with herd effects.
  • Denver man dies after getting sick during Dominican Republic vacation

    Denver man dies after getting sick during Dominican Republic vacation

    As another potential blow to Dominican tourism, Delta announced on Tuesday it will allow passengers to re-book at no extra charge. In response to the ongoing events, a Dominican Republic official attempted to alleviate concerns during a press conference.
    12-Year-Old Girl Gets Flesh-Eating Disease After Swimming at Florida Beach

    12-Year-Old Girl Gets Flesh-Eating Disease After Swimming at Florida Beach

    CBS affiliate WKRG-TV reported the Brown family went to a beach in Destin earlier this month when Kylei fell drastically ill. It's important to keep wounds clean and covered, and if you experience symptoms of an infection, get immediate treatment.
    Florida cities pay out $1mn in bitcoin to ransomware hackers

    Florida cities pay out $1mn in bitcoin to ransomware hackers

    As a result of the attack, employees lost access to email accounts and citizens were unable to make municipal payments online. Officials in Lake City paid the hackers after their computer systems were down for two weeks.

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.