EA Games server compromised, breach targets Apple IDs
Nothing on the internet is safe these days. Even point-of-sale systems in stores we regularly shop in can be accessed and stolen from -- witness Target to name only one recent high profile example. However, when it comes to computers, some users see Apple as more secure. While that may be a result of simply being less targeted, there is also nothing that the company can do to protect people from themselves.
Security firm Netcraft, which boasts customers that include British Telecom, Microsoft and Cisco, has detailed a sneaky new attack. EA, the popular game maker, has had one of its servers compromised so it can host phishing attacks that target Apple IDs.
Worse, it seems that EA was running outdated software that enabled the malicious activity. "The compromised server is used by two websites in the ea.com domain, and is ordinarily used to host a calendar based on WebCalendar 1.2.0. This version was released in September 2008 and contains several security vulnerabilities which have been addressed in subsequent releases", the researchers announce.
This will not simply steal your data. As indicated by the word "phishing", it attempts to trick the user into voluntarily handing over the information. However, once the user name and password has been entered, the system proceeds to fleece the user of identification and credit card information.
Netcraft also warns that external server compromisation such as this is sometimes representative of further internal breaches seeking to poach stored data from the company.
This is not the first time EA has been targeted, as its Origin servers were also attacked in January. Netcraft claims it has blocked access to the compromised sites it found on the server and warned EA of the issue. However, it also cautions "the vulnerable server -- and the phishing content-- is still online at the time of publication".