Electronic Arts (EA) is the second largest gaming company in the world, with popular titles under its name like FIFA, NFL, UFC, Battlefield, Medal of Honor, NFS and so on. The company has more than 300 million users on a global scale. Recently, Check Point Research and CyberInt found a major chain of vulnerabilities in the EA Origin gaming client. The chain would have exposed the accounts of more than 300 million EA users. The vulnerabilities could have been exploited for account takeover and identity theft on a global scale.
Origin is EA's gaming client. It allows users to purchase games from EA's stores and play them across various platforms. The client also comes with features such as profile management, networking with friends, chatting and direct game joining. Origin also integrates with some of the world's best-known social media and gaming platforms, such as Xbox Live, PlayStation Network, Nintendo Network and Facebook.
Once the vulnerability was found, the CyberInt and Check Point researchers reported it to EA so that the company could roll out an update for Origin before someone took advantage of it. The researchers also helped EA develop the fix for the vulnerability and protect the gaming community. It should be noted that the vulnerability was not taken advantage of, and EA is currently developing a fix for it. Still, it posed a major threat to user accounts on Origin, as someone could have used the vulnerability to take over a user's account.
Adrian Stone, Senior Director, Game and Platform Security at Electronic Arts said, “Protecting our players is our priority, as a result of the report from CyberInt and Check Point, we engaged our product security response process to remediate the reported issues. Working together under the tenet of Coordinated Vulnerability Disclosure strengthens our relationships with the wider cybersecurity community and is a key part of ensuring our players stay secure.”
The vulnerability in EA's Origin gaming client did not require the user to hand over login details. Instead, it took advantage of abandoned subdomains and of EA Games' use of authentication tokens in conjunction with the OAuth Single Sign-On (SSO) and TRUST mechanism built into EA Games' user login process. If it had been exploited, hackers could have taken over a user's profile and accessed their financial and personal details, which would have been a big problem for both the company and its users.
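A defender's view of the trust problem described above, as an added example that is not part of the original article or EA's code. The article does not say how EA decided which hosts could receive tokens, so the parent-domain suffix rule, the host names and the inventory below are assumptions constructed for illustration; the block contrasts that suffix rule with an exact-match allowlist tied to an ownership inventory.

```python
from urllib.parse import urlsplit

# Constructed inventory (assumption): host -> True if its DNS target is still
# a resource the organisation controls, False if the record was left behind.
INVENTORY = {
    "accounts.example.com": True,
    "store.example.com": True,
    "promo2016.example.com": False,  # campaign over, hosting released
}
# Hosts explicitly registered to receive SSO tokens (constructed).
REGISTERED = {"accounts.example.com", "store.example.com"}


def _host(uri):
    """Lower-cased host of a URI, or '' if it cannot be parsed."""
    try:
        return (urlsplit(uri).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""


def weak_is_trusted(redirect_uri, parent="example.com"):
    """Weak rule: any host under the parent domain may receive a token."""
    host = _host(redirect_uri)
    return host == parent or host.endswith("." + parent)


def strict_is_trusted(redirect_uri, registered=REGISTERED, inventory=INVENTORY):
    """Hardened rule: HTTPS, no userinfo, exact registered host, still owned."""
    try:
        parts = urlsplit(redirect_uri)
    except ValueError:
        return False
    if parts.scheme != "https" or parts.username or parts.password:
        return False
    host = _host(redirect_uri)
    return host in registered and inventory.get(host) is True


def abandoned_but_trusted(inventory=INVENTORY, parent="example.com"):
    """Audit: unowned hosts that the weak rule would still hand tokens to."""
    return sorted(h for h, owned in inventory.items()
                  if not owned and weak_is_trusted(f"https://{h}/", parent))


if __name__ == "__main__":
    for uri in ("https://accounts.example.com/cb", "https://promo2016.example.com/cb"):
        print(uri, weak_is_trusted(uri), strict_is_trusted(uri))
    print("review:", abandoned_but_trusted())
```

Any host the audit function returns needs either its DNS record removed or its ownership restored before it is allowed anywhere near a token flow.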
Although EA is developing a fix for the vulnerability, Check Point and CyberInt have advised users to enable two-factor authentication and to use only the official EA website to download or purchase games. Check Point and CyberInt have also asked users to “be vigilant when receiving links sent from unknown sources”.
“EA’s Origin platform is hugely popular; and if left unpatched, these flaws would have enabled hackers to hijack and exploit millions of users’ accounts,” said Oded Vanunu, Head of Products Vulnerability Research for Check Point. “Along with the vulnerabilities we recently found in the platforms used by Epic Games for Fortnite, this shows how susceptible online and cloud applications are to attacks and breaches. These platforms are being increasingly targeted by hackers because of huge amounts of sensitive customer data they hold.”