EA patches Origin vulnerabilities that could put 300 million users at risk

EA Origin

EA patched major vulnerabilities in their Origin game store that could put millions of the company’s users at risk. First spotted by Check Point Research and CyberInt, these vulnerabilities could allow hackers to hijack over 300 million Origin user accounts around the world. The cybersecurity companies had alerted EA which moved quickly to address the matter.

EA happens to be one of the largest game publisher and developer in the world. Its titles leverage the company’s Origin digital distribution platform similar to Steam, to allow customers to purchase and play the game. Since it is the only way to get newly-released EA games on PC, it has built up a user base of millions of people over the years.

Check Point Research and CyberInt claim that Origin has security flaws, that would have allowed hackers to hijack Origin accounts without having to steal login credentials first. Instead, hackers could have obtained access to these accounts by stealing authentication tokens using abandoned subdomains and taking advantage of OAuth Single Sign-On and the TRUST mechanisms built into EA login systems.

That is the very condensed version at least, with more information available in the in-depth technical analysis of Check Point Research’s blog. The video you see embedded above also shows the process of stealing an authentication token and using it to hijack the accounts of unwitting users who think that they have just claimed a 7-trial of EA Origin Access Basic. The video certainly makes it seem like a very straightforward and easy process, which is not very comforting.

If the vulnerabilities had been exploited, it would have caused a lot of problems for EA and Origin users. Millions of accounts would have been compromised and EA would certainly find itself in hot water.

Check Point and CyberInt disclosed the vulnerabilities responsibly to EA so that it could fix them and roll out an update before they could be exploited by hackers. “As a result of the report from CyberInt and Check Point, we engaged our product security response process to remediate the reported issues”, confirmed Adrian Stone, Senior Director, Game and Platform Security at Electronic Arts.

It really seems like EA and Origin users dodged a pretty big bullet here because a vulnerability like this definitely had the potential to put a lot of people at risk.

Source

Raja Rajan Avatar

Help Us Grow

If you like this post, please share it with your friends.

You are free to copy and redistribute this article in any medium or format, as long as you keep the links in the article or provide a link back to this page.

Subscribe to Newsletter




Privacy Settings

Privacy & Cookie Overview

Our website uses cookies to provide you with the best user experience possible. These cookies are stored in your browser and perform essential functions such as recognizing you when you return to our website, as well as helping us to understand which sections of the website you find most useful and engaging.

To learn more, you can read our Privacy & Cookie Policy or reach out through our Contact form.

Strictly Necessary Cookies

Strictly Necessary Cookies must always be enabled to ensure the proper functioning of this website and to allow us to provide you with excellent service. These cookies are also essential for saving your cookie preferences.

Google Adsense

We use Google AdSense to keep this site free by displaying relevant ads. AdSense requires essential cookies that cannot be disabled, but you can manage other cookies. We respect your privacy and provide options to control non-essential cookies.

For more details on how Google handles your data, visit Google's Data Usage Policy. Please review our Privacy Policy for more information on how we protect your data.

AddToAny

We use AddToAny for social sharing. It doesnโ€™t store cookies, ensuring a privacy-friendly experience. AddToAny complies with GDPR and CCPA by default.

For more, see their Privacy Policy.

OneSignal

We use OneSignal to send notifications to users who opt in. OneSignal complies with GDPR and is certified under the EU-US and Swiss-US Privacy Shield frameworks.

For more, see their Privacy Policy.

3rd Party Cookies

This website utilizes third-party cookies, which can enhance your experience and support our ongoing efforts to improve our services.

Google Analytics

We use Google Analytics to collect anonymous data, such as visitor numbers and popular pages, to improve user experience and site performance. Keeping this cookie enabled helps us refine the site based on visitor activity.

For more information, see Googleโ€™s Privacy Policy.

Discover more from Prime Inspiration

Subscribe now to keep reading and get access to the full archive.

Continue reading