An account hijacking vulnerability has been found in the platform that delivers the popular battle royal 'Apex Legends'
The PC version of the popular battle royal game '
Account Takeover Vulnerability Found in Popular EA Games Origin Platform
https://thehackernews.com/2019/06/ea-origin-game-hacking.html
The vulnerabilities discovered this time are summarized in the following movie
EA Games Vulnerability Leads to Account Breach & Identity Theft-YouTube
First, an attacker sends a malicious URL to a victim logged in to an Origin account.
When the victim clicks on the sent URL, it shifts to the login screen to Origin.
Here, an attacker can steal an Origin login session token. This seems to be an attack that exploits the security hole that Origin using Microsoft Azure has made when linking to a subdomain of EA. By exploiting this security hole, attackers can set up unique and malicious services in their own Azure instances in hijacked subdomains.
By logging in using the token that the victim got illegally ......
Access to the victim's EA account. Once accessed, you can view the victim's credit card information and order history.
The attacker bypasses the authentication process and accesses the victim's Origin account ...
Play Apex Legends ...
You can also purchase in-game content using the victim's credit card.
Although this series of phishing attacks requires a fairly complex process, the risk of being taken over by nearly 300 million users who own EA accounts is always threatened. Researchers immediately report this vulnerability to EA and collaborate on corrections. It seems that about three months have passed since EA addressed the issue and released the information.
Related Posts:
