According to a report by Check Point Research and CyberInt, Electronic Arts’ Origin gaming client is suspected of having various vulnerabilities that could have led to player account takeover and identity theft.
CyberInt and Check Point researchers have apparently reported the issues to EA so that it could fix the vulnerabilities and roll out an update before a major exploit could happen. The two companies have joined hands with EA to develop the fixes and further protect the gaming community. The vulnerability could have allowed a threat actor to hijack a player’s session, resulting in account compromise and takeover. It didn’t require the user to hand over any login details. Instead, it took advantage of abandoned subdomains and EA Games’ use of authentication tokens in conjunction with the OAuth Single Sign-On (SSO) and TRUST mechanism built into EA Games’ user login process.
“Protecting our players is our priority,” said Adrian Stone, Senior Director, Game and Platform Security at Electronic Arts. “As a result of the report from CyberInt and Check Point, we engaged our product security response process to remediate the reported issues. Working together under the tenet of Coordinated Vulnerability Disclosure strengthens our relationships with the wider cybersecurity community and is a key part of ensuring our players stay secure.”
EA is one of the world’s largest gaming companies and has popular gaming titles in its portfolio such as FIFA, Madden NFL, NBA Live, UFC, The Sims, Battlefield, Command and Conquer and Medal of Honor. The games leverage the Origin client gaming platform, which allows users to purchase and play EA’s games across PC and mobile. Origin contains social features such as profile management, networking with friends via chat, and direct game joining. It also includes community integration with sites such as Facebook, Xbox Live, PlayStation Network, and Nintendo Network.
Check Point and CyberInt have advised users to enable two-factor authentication and to use only the official website when downloading or purchasing games. They have also advised parents to make their children aware of the threat of online fraud and that cyber criminals will do anything to gain access to personal and financial details.