EA fixes a 'chain of vulnerabilities' that could have put millions of Origin gamers at risk
EA has fixed a series of security issues on its Origin gaming service which could have been exploited by attackers to take control of user accounts and gain access to personal data.
EA Origin's security flaws meant that more than 300 million gamers were put at risk. Israeli security firms Check Point said that attackers could take advantage of a "chain of vulnerabilities" to attack players of games such as FIFA, Maden NFL, NBA Live, UFC, The Sims, Battlefield, Command and Conquer, and Medal of Honor.
See also:
- Security flaw in Dell SupportAssist tool puts millions of Windows systems at risk
- Netflix discovers SACK Panic and other Linux security flaws
- Security software is causing Firefox users to lose saved passwords
The vulnerabilities found in EA Origin did not require the user to hand over any login details, but exploited the use of authentication tokens in conjunction with the oAuth Single Sign-On (SSO) and TRUST mechanism that is built into EA Game's user login process.
In a statement, Oded Vanunu from Check Point, said: "EA's Origin platform is hugely popular, and if left unpatched, these flaws would have enabled hackers to hijack and exploit millions of users' accounts".
A post on the Check Point blog explains:
In the last few weeks, Check Point Research has combined forces with CyberInt to identify a chain of vulnerabilities that, once exploited, could have led to the takeover of millions of player accounts within the world's second largest gaming company, EA Games. The potential damage could have involved an attacker gaining access to a user's credit card information and the ability to fraudulently purchase in game currency on behalf of the user.
CyberInt and Check Point immediately notified EA Games of these security gaps and together leveraged their expertise to support EA in fixing them to protect their gaming customers.
Check Point also shared a video which shows how the vulnerabilities could have been exploited: