Apple IDs Being Phished From EA Game Servers By Hackers

Netcraft, the security research company, reports that serves of Electronic Arts were recently compromised. Two websites from EA’s domain have been hacked and they host two phishing pages to steal credit card information and Apple ID. 

For example, if you arrive at one of these pages, you’ll be asked to enter your password and Apple ID. After that, you’ll be taken to a second page which will ask for your credit card info and personal details, and then you’re taken to the official Apple ID page.

Here are more details from the source’s report:
“The phishing site attempts to trick a victim into submitting his Apple ID and password. It then presents a second form which asks the victim to verify his full name, card number, expiration date, verification code, date of birth, phone number, mother’s maiden name, plus other details that would be useful to a fraudster. After submitting these details, the victim is redirected to the legitimate Apple ID website at 
The compromised server is hosted within EA’s own network. Compromised internet-visible servers are often used as “stepping stones” to attack internal servers and access data which would otherwise be invisible to the internet, although there is no obvious outward facing evidence to suggest that this has happened.”
They say that the hacker gained access inside EA’s servers through installation and execution of PHP arbitrary scripts. So it’s possible that the hacker is able to gain access to the contents from the user calendars, along with data and source code stores on servers.

The Verge has the following statement from EA:
“Privacy and security are of the utmost importance to us, and we are currently investigating this report,” an EA spokesperson writes in an email to The Verge. The fake page was said to still be live this morning; as of this afternoon, EA said that it had disabled any fake websites that it may have found. “We’ve taken immediate steps to disable any attempts to misuse EA domains,” a spokesperson said. Nonetheless, EA said that it had yet to confirm the “underlying claims” made by the security researchers.”
Apple and its users has been a frequent target of hackers, with more than 500 million registered accounts and more. The company managed to avoid major incidents, apart from developer site being hacked last year.

So you have been warned!


blog comments powered by Disqus
Octofinder Blog Catalog