Forgot password
Enter the email address you used when you joined and we'll send you instructions to reset your password.
If you used Apple or Google to create your account, this process will create a password for your existing account.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Reset password instructions sent. If you have an account with us, you will receive an email within a few minutes.
Something went wrong. Try again or contact support if the problem persists.

Hacked EA Games Server Goes Phishing For Apple Account Info

This article is over 10 years old and may contain outdated information
Electronic Arts logo

Internet security company Netcraft says hackers have compromised an EA Games server and are using it to phish for Apple login information.

Netcraft, an internet security firm offering anti-fraud, anti-phishing, application testing and other services, posted a report today claiming that a server used by two websites in the EA.com domain has been compromised by hackers and is now hosting a phishing site targeting Apple accounts. The site normally hosts a calendar based on an old version of WebCalender which is known to contain several security holes, which is likely how the hackers were able to get in.

“The phishing site attempts to trick a victim into submitting his Apple ID and password. It then presents a second form which asks the victim to verify his full name, card number, expiration date, verification code, date of birth, phone number, mother’s maiden name, plus other details that would be useful to a fraudster,” the Netcraft website states. “After submitting these details, the victim is redirected to the legitimate Apple ID website.”

Netcraft said “internet-visible servers” like this are often used as stepping stones to get at internal servers not visible to the net that typically contain more valuable information, although it added that there’s no evidence to suggest this has happened. It also noted that “the mere presence of old software” can lead hackers to push deeper into an internal network in search of other soft spots and points of access.

“In this case, the hacker has managed to install and execute arbitrary PHP scripts on the EA server, so it is likely that he can at least also view the contents of the calendar and some of the source code and other data present on the server,” it explained.

Netcraft said it informed EA of the breach yesterday [March 18] but at the time of its report, the vulnerable server and the phishing software both remained online.

Source: Netcraft

Recommended Videos

The Escapist is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission.Ā Learn more about our Affiliate Policy
Author