EA's Origin had security flaws that could have put up to 300M at risk for identity theft

Video game publisher Electronic Arts has tightened some openings cybersleuths found in its Origin online network that could have exposed more than 300 million video game players to identity theft and account losses.

EA's Origin platform lets PC gamers buy and play games such as Madden NFL, FIFA, Battlefield and The Sims on the network, as well as chat and play online with others. Origin also connects with Facebook, Xbox Live, PlayStation Network and the Nintendo Network.

Most recently, EA has seen success with "Apex Legends," as a challenger to "Fortnite," the leader among the growing battle royal genre, which pits large numbers of players against one another to be the last ones standing.

A "chain of vulnerabilities" in the Origin gaming software, identified by cybersecurity firms Check Point Research of San Carlos, California, and CyberInt Technologies of Tel Aviv, Israel, could have allowed hackers to hijack players' sessions and eventually take over their accounts and potentially gain access to credit card information and other personal information.

The cybersecurity firms developed fixes the game publisher deployed to close the vulnerabilities, the companies announced Wednesday. "Protecting our players is our priority," said Adrian Stone, senior director for game and platform security at Electronic Arts, said in a statement included in the announcement. "As a result of the report from CyberInt and Check Point, we engaged our product security response process to remediate the reported issues."

This year, Check Point notified Epic Games, publisher of the popular online game "Fortnite," about similar potential weaknesses in its systems, too. In both cases, unused online destinations within the systems offered an entry point for exploitation.

Origin's vulnerabilities could have been exploited without getting a user's login information. Hackers could have used "abandoned subdomains and EA Games' use of authentication tokens" used as part of the system's sign-on process.

Only a fraction of EA's 300 million registered users are active regularly on Origin, but the PC service's connectivity to social media and other online gaming networks could have put millions more at risk, the security expert says.

"Along with the vulnerabilities we recently found in the platforms used by Epic Games for 'Fortnite,' this shows how susceptible online and cloud applications are to attacks and breaches," said Oded Vanunu, Check Point's head of products vulnerability research.

"These platforms are being increasingly targeted by hackers because of huge amounts of sensitive customer data they hold."

How to protect your info

Gamers should use two-factor authentication for online networks and only use official websites when downloading or buying games, the security firms advise. "Gaming goods are traded in official and unofficial marketplaces in the darknet, which makes attacks against gaming studios very lucrative," said Itay Yanovski, CyberInt co-founder and senior vice president for strategy.

(c)2019 USA Today
Distributed by Tribune Content Agency, LLC.

Citation: EA's Origin had security flaws that could have put up to 300M at risk for identity theft (2019, June 27) retrieved 29 September 2023 from https://phys.org/news/2019-06-ea-flaws-300m-identity-theft.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Explore further

Xbox Live could soon be coming to iOS, Android and the Nintendo Switch


Feedback to editors