Researchers identify security vulnerabilities in EA's Origin gaming client

Origin Security Vulnerability Could Have Affected 300 Million Players

Origin Security Vulnerability Could Have Affected 300 Million Players

According to a detailed technical analysis of the discovery published by Check Point, "the vulnerabilities did not require users to hand over any login details whatsoever".

Researchers from Check Point and CyberInt informed EA that if the vulnerability isn't patched, it would enable hackers to "hijack and exploit" the accounts of million.

Major security flaws were discovered on EA Origin, which forced the publisher to act quickly to correct them and avoid the risk to millions of users.

"We had the vulnerabilities under control so no other party could have exploited them during the period it took EA to fix", Alexander Peleg, CyberInt's head of cyber operations, said in an email. "Along with the vulnerabilities we recently found in the platforms used by Epic Games for Fortnite, this shows how susceptible online and cloud applications are to attacks and breaches".

EA Games, with more than 300 million users and revenues in the region of $5 billion, is the world's second largest gaming company, with titles such as FIFA, The Sims, Battlefield, Command and Conquer, and Medal of Honor in its portfolio.

'Protecting our players is our priority, claims Adrian Stone, senior director for game and platform security at Electronic Arts, of the vulnerability report.

The FAA Has Found Another Issue With the Boeing 737 MAX
Now, the FAA has discovered an additional issue through flight simulator testing, but have not disclosed specifics on the issue. The aircraft has been grounded since March when an Ethiopian Airlines flight crashed , killing all 157 people on board.

The issues were found by researchers from Check Point Research and CyberInt-two cybersecurity companies headquartered in Israel-and swiftly reported to the video game goliath.

The vulnerabilities themselves were surprisingly basic: Check Point was able to use EA's own authentication token system in conjunction with subdomains the company has long-abandoned to subvert the service's sign-on system - meaning that accounts could be taken over, providing full access to the account itself and all personally identifiable information (PII) stored therein.

Itay Yanovski, co-founder of CyberInt, added: "Gaming goods are traded in official and unofficial marketplaces in the darknet, which makes attacks against gaming studios very lucrative". But a new report may make you believe that when you do hear about it, it's big.

The two cybersecurity firms also advised Origin users to activate two-factor authentication and only use official websites when purchasing or downloading games.

In addition, they say that parents need to create awareness among their children around the threat of online fraud, because threat actors will go to any lengths to gain access to personal and financial details, which may be held as part of a gamer's online account.

From that point onward, the researchers could send links from the domain to victims of their choice, and they were more likely to click on them, especially since it was being sent from an "affiliated" link.

Recommended News

  • Denver man dies after getting sick during Dominican Republic vacation

    Denver man dies after getting sick during Dominican Republic vacation

    As another potential blow to Dominican tourism, Delta announced on Tuesday it will allow passengers to re-book at no extra charge. In response to the ongoing events, a Dominican Republic official attempted to alleviate concerns during a press conference.
    Toni Braxton's Niece's Cause of Death Revealed

    Toni Braxton's Niece's Cause of Death Revealed

    Aside from Toni, Lauren is also survived by her aunts Traci, Towanda, Trina and Tamar. On Monday, April 29, at 12:44 p.m., the 24 year old was officially pronounced dead.
    Mark Zuckerberg talks privacy and regulation

    Mark Zuckerberg talks privacy and regulation

    Facebook's policy on how to handle false content was put to the test recently when a deepfake video of Mr Zuckerberg was created. Facebook has long held that it should not decide what is and isn't true, leaving such calls instead to outside fact-checkers.
  • Tunisian president hospitalised 'in severe health crisis', Africa News & Top Stories

    Tunisian president hospitalised 'in severe health crisis', Africa News & Top Stories

    The announcement came after two suicide attacks in Tunis on security forces killed a policeman and wounded eight people. Essebsi was born in November 1926 and took over the Tunisian presidency after winning the 2014 presidential elections.
    Tunisia capital rocked by blast

    Tunisia capital rocked by blast

    Four security personnel were reportedly wounded in that attack, though the total number of casualties as yet remains unknown. Police cordon off the scene after a suicide bombing targeted a police vehicle in the Tunisian capital, Tunis , on Thursday.
    CDC panel recommends HPV vaccine for men up to age 26

    CDC panel recommends HPV vaccine for men up to age 26

    The vaccine is approved for people up to age 45, but the same panel declined a proposal to recommend it for people older than 26. Countries with multi-cohort vaccination and high HPV vaccine coverage saw greater and faster impacts, along with herd effects.
  • PES 2019 and Horizon Chase Turbo are your July PS Plus games

    PES 2019 and Horizon Chase Turbo are your July PS Plus games

    Konami's Pro Evolution Soccer 2019 , or PES 2019 , as it is often abbreviated, will be free alongside Horizon Chase Turbo . It's quite delightful to look at and it seems like it comes packed with everything you'd expect from an old racer.
    Kakarot’ Is Promising All-New Character Backstories — Dragon Ball Z

    Kakarot’ Is Promising All-New Character Backstories — Dragon Ball Z

    But based on Iyoku's comments, a new Dragon Ball movie is now in some form of developmental stage. However, it would be very interesting to know what kind of backstories will be integrated.
    Dr Disrespect Twitch Channel Unbanned

    Dr Disrespect Twitch Channel Unbanned

    The viewers subscribed, gifted subscriptions to other viewers, and went insane in the chat to celebrate the channel's return. The streamer was banned from the platform during E3 two weeks ago, after broadcasting live from a bathroom to his channel.
  • Hunt takes aim at PM rival Johnson's 'do or die' Brexit pledge

    Hunt takes aim at PM rival Johnson's 'do or die' Brexit pledge

    The BBC host then interrupted to say that the Brexit date had been extended due to "Tory incompetence". This however, is not applicable to the UK-EU relationship.
    Liverpool agree to sign Dutch defender Sepp van den Berg

    Liverpool agree to sign Dutch defender Sepp van den Berg

    When asked how he felt when Liverpool's interest was first made clear, he said: "I couldn't believe it, I thought it was a joke". Bayern Munich and Ajax were also reportedly interested in signing Van den Berg , who has opted for a move to Anfield instead.
    Cristiano Ronaldo's exit 'made everyone happy', says former team-mate Toni Kroos

    Cristiano Ronaldo's exit 'made everyone happy', says former team-mate Toni Kroos

    Kroos made more successful passes (1932) than any other Real player in La Liga last season. But it was never a question about whether I am coming to City or not.

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.