If you’ve been prompted to enter your Apple ID login, payment and security credentials via an EA Games subdomain recently, change your passwords immediately.
Same goes if you’ve logged in at an EA Origin subdomain within the past week: change your passwords and connected accounts ASAP.
Security auditor Netcraft announced yesterday that it had discovered a slick Apple ID phishing scam running smoothly on an EA server, and a second phishing scam posing as an EA Origin login page. EA Origin is a popular games platform with an estimated 9.3 million users.
EA told the press it had patched the vulnerability later that night, but did not comment on the second compromise posing as an Origin site, also discovered by Netcraft and reported to be still in operation.
About the Apple phishing compromise, EA told the BBC last night, “We found it, we have isolated it, and we are making sure such attempts are no longer possible.”
Netcraft said EA’s server compromise could have been avoided with security updates for a known issue with EA’s 2008 version of WebCalendar 1.2.0, which was running on the server.
Netcraft said, “It is likely that one of these vulnerabilities was used to compromise the server, as the phishing content is located in the same directory as the WebCalendar application.”
It is unknown how long the phishing operation had been running, or how many Apple accounts were compromised.
Source: ZD Net