EA Origin vulnerability could have exposed more than 300 million gamers

By Digit NewsDesk | Published on Jun 27 2019
EA Origin vulnerability could have exposed more than 300 million gamers

The vulnerability was found by Check Point Research & CyberInt.

The issue is being worked on.

The vulnerability would have given hackers access to people’s account without the need to steal their login and password.

Make your home smarter than the average home

Make your life smarter, simpler, and more convenient with IoT enabled TVs, speakers, fans, bulbs, locks and more.

Click here to know more

Check Point Research and CyberInt have identified a chain of vulnerabilities in the Origin gaming client. For those unaware, Origin is Electronic Arts’ (EA) gaming client that users use to log into the service to access their game library, purchase games and more. The security flaw once exploited could have led to player account takeover and identity theft without the need to steal the user's login details or password. This security flaw could have affected more than 300 million users.  

To put things into perspective, EA is the world’s second-largest gaming company and is home to some well-known franchises, like FIFA, Madden NFL, NBA Live, UFC, The Sims, Battlefield, Command and Conquer, Star Wars: Jedi Fallen Order and Medal of Honor in its portfolio. Origin is the platform that customers use to purchase and play EA’s games across PC and mobile. Origin is not only a storefront but also a place for players to connect. It has features such as profile management, networking with friends via chat, and direct game joining. The service is integrated with other online gaming services such as Xbox Live, PlayStation Network, and Nintendo Network along with social networking sites like Facebook. 

CyberInt and Check Point researchers disclosed the vulnerabilities to EA and combined their efforts to help eliminate the threat. EA is developing the fixes needed to ensure the theft doesn’t occur. 

Protecting our players is our priority,” said Adrian Stone, Senior Director, Game and Platform Security at Electronic Arts. “As a result of the report from CyberInt and Check Point, we engaged our product security response process to remediate the reported issues. Working together under the tenet of Coordinated Vulnerability Disclosure strengthens our relationships with the wider cybersecurity community and is a key part of ensuring our players stay secure.”

“EA’s Origin platform is hugely popular; and if left unpatched, these flaws would have enabled hackers to hijack and exploit millions of users’ accounts,” said Oded Vanunu, Head of Products Vulnerability Research for Check Point. “Along with the vulnerabilities we recently found in the platforms used by Epic Games for Fortnite, this shows how susceptible online and cloud applications are to attacks and breaches. These platforms are being increasingly targeted by hackers because of huge amounts of sensitive customer data they hold.”

 “CyberInt provides continuous, automated early detection, taking the attacker’s perspective to enable companies to protect their customers and business proactively,” said Itay Yanovski, Co-Founder and SVP Strategy for CyberInt Technologies. “Gaming goods are traded in official and unofficial marketplaces in the darknet, which makes attacks against gaming studios very lucrative. We believe the cybersecurity industry has the responsibility to protect people, so we make sure to alert the industry with threat-centric security research on newly detected adversary campaigns, such as the recent TA505 – to ensure that the most effective detection and mitigation measures are taken.”

As a precaution, it makes sense for users to change their password and log out of any device they haven't used in a while. Users can also enable two-factor authentication to add an extra layer of security. It is also advisable to use the official website when downloading or purchasing games. It's needless to say that users should not click on any link sent to them from an unknown source.

It is good that EA is working on the vulnerability and fixing it. At the recent Electronic Entertainment Expo (E3), EA showed off a bunch of games ranging from Fifa, Star Wars: Jedi Fallen Order and even updates to the company’s battle royale game, Apex Legends. You can check out EA’s announcements here.

Digit NewsDesk

The guy who answered the question 'What are you doing?' with 'Nothing'.

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.