EA Origin vulnerability could have exposed more than 300 million gamers

EA Origin vulnerability could have exposed more than 300 million gamers
HIGHLIGHTS

The vulnerability was found by Check Point Research & CyberInt.

The issue is being worked on.

The vulnerability would have given hackers access to people’s account without the need to steal their login and password.

Check Point Research and CyberInt have identified a chain of vulnerabilities in the Origin gaming client. For those unaware, Origin is Electronic Arts’ (EA) gaming client that users use to log into the service to access their game library, purchase games and more. The security flaw once exploited could have led to player account takeover and identity theft without the need to steal the user's login details or password. This security flaw could have affected more than 300 million users.  

To put things into perspective, EA is the world’s second-largest gaming company and is home to some well-known franchises, like FIFA, Madden NFL, NBA Live, UFC, The Sims, Battlefield, Command and Conquer, Star Wars: Jedi Fallen Order and Medal of Honor in its portfolio. Origin is the platform that customers use to purchase and play EA’s games across PC and mobile. Origin is not only a storefront but also a place for players to connect. It has features such as profile management, networking with friends via chat, and direct game joining. The service is integrated with other online gaming services such as Xbox Live, PlayStation Network, and Nintendo Network along with social networking sites like Facebook. 

CyberInt and Check Point researchers disclosed the vulnerabilities to EA and combined their efforts to help eliminate the threat. EA is developing the fixes needed to ensure the theft doesn’t occur. 

Protecting our players is our priority,” said Adrian Stone, Senior Director, Game and Platform Security at Electronic Arts. “As a result of the report from CyberInt and Check Point, we engaged our product security response process to remediate the reported issues. Working together under the tenet of Coordinated Vulnerability Disclosure strengthens our relationships with the wider cybersecurity community and is a key part of ensuring our players stay secure.”

“EA’s Origin platform is hugely popular; and if left unpatched, these flaws would have enabled hackers to hijack and exploit millions of users’ accounts,” said Oded Vanunu, Head of Products Vulnerability Research for Check Point. “Along with the vulnerabilities we recently found in the platforms used by Epic Games for Fortnite, this shows how susceptible online and cloud applications are to attacks and breaches. These platforms are being increasingly targeted by hackers because of huge amounts of sensitive customer data they hold.”

 “CyberInt provides continuous, automated early detection, taking the attacker’s perspective to enable companies to protect their customers and business proactively,” said Itay Yanovski, Co-Founder and SVP Strategy for CyberInt Technologies. “Gaming goods are traded in official and unofficial marketplaces in the darknet, which makes attacks against gaming studios very lucrative. We believe the cybersecurity industry has the responsibility to protect people, so we make sure to alert the industry with threat-centric security research on newly detected adversary campaigns, such as the recent TA505 – to ensure that the most effective detection and mitigation measures are taken.”

As a precaution, it makes sense for users to change their password and log out of any device they haven't used in a while. Users can also enable two-factor authentication to add an extra layer of security. It is also advisable to use the official website when downloading or purchasing games. It's needless to say that users should not click on any link sent to them from an unknown source.

It is good that EA is working on the vulnerability and fixing it. At the recent Electronic Entertainment Expo (E3), EA showed off a bunch of games ranging from Fifa, Star Wars: Jedi Fallen Order and even updates to the company’s battle royale game, Apex Legends. You can check out EA’s announcements here.

Digit NewsDesk

Digit NewsDesk

Digit News Desk writes news stories across a range of topics. Getting you news updates on the latest in the world of tech. View Full Profile

Digit.in
Logo
Digit.in
Logo