Netcraft Identifies EA Games Website Hacked for Phishing
Internet security firm Netcraft found that an ea.com domain had been turned into a phishing website aimed at Apple ID users. The compromised EA Games server hosted two websites, though its primary use was an online calendar.
The phishing site presented a page that mimicked the Apple ID login page. After submitting login credentials, the victim was asked to fill out a personal information form with fields for full name, credit card number, expiration date and CVV code, and mother's maiden name. The victim was then redirected to Apple's genuine Apple ID page, which makes the theft less likely to be noticed.
EA's hosted calendar was based on WebCalendar 1.2.0, which was released in 2008. Netcraft believes this outdated version is what let the attackers onto the server: several vulnerabilities have been patched in WebCalendar since 1.2.0.
According to the Netcraft blog post, "CVE-2012-5385 details a vulnerability which allows an unauthenticated attacker to modify settings and possibly execute arbitrary code. It is likely that one of these vulnerabilities was used to compromise the server, as the phishing content is located in the same directory as the WebCalendar application."
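The telltale sign Netcraft relied on, phishing pages dropped into the same directory as a legitimate web application, is something a site owner can check for routinely by keeping a hash manifest of the application as deployed and diffing the live tree against it. The script below is an added example written for this article; it is not Netcraft's or EA's tooling, and the "WebCalendar" tree, the dropped phishing form, the modified config file and the keyword indicators it scans for are all constructed stand-ins chosen for the demonstration, not artifacts from the real incident.

```python
"""Added example: integrity audit of a web-application directory.

Keep a SHA-256 manifest of the application as shipped, then periodically
diff the live tree against it. Files that were added or modified are
reported, and any of them whose content looks like a credential or
card-harvesting form are flagged. All paths, file contents and the
indicator list below are constructed for the demonstration.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# Hypothetical content indicators for an Apple ID / card-harvesting page.
# A real deployment would tune this list to its own threat model.
PHISH_INDICATORS = re.compile(
    r"apple\s*id|cvv|card\s*number|maiden\s*name", re.IGNORECASE)


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large assets do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def audit_webroot(root: Path, manifest: dict) -> dict:
    """Diff the live tree against a manifest taken at deploy time.

    Returns sorted lists of added, modified and missing paths, plus the
    subset of added or modified files whose content matches the indicators.
    """
    live = build_manifest(root)
    added = sorted(set(live) - set(manifest))
    missing = sorted(set(manifest) - set(live))
    modified = sorted(p for p in live
                      if p in manifest and live[p] != manifest[p])
    flagged = []
    for rel in added + modified:
        text = (root / rel).read_bytes().decode("utf-8", "replace")
        if PHISH_INDICATORS.search(text):
            flagged.append(rel)
    return {"added": added, "modified": modified,
            "missing": missing, "flagged": sorted(flagged)}


def write_tree(root: Path, files: dict) -> None:
    """Create the given relative-path -> content mapping under root."""
    for rel, content in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(content)


def demo() -> dict:
    """Build a constructed app tree, snapshot it, simulate a compromise, audit."""
    with tempfile.TemporaryDirectory() as d:
        app = Path(d) / "webcalendar"
        # Constructed stand-in for the application as deployed.
        write_tree(app, {
            "index.php": "<?php // constructed stand-in for the calendar front page\n",
            "includes/config.php": "<?php $db_host = 'localhost';\n",
            "README": "WebCalendar 1.2.0 (constructed)\n",
        })
        manifest = build_manifest(app)  # taken at deploy time, before compromise
        # Constructed post-compromise changes: a dropped phishing form, its
        # collector script, and a settings file that was tampered with.
        write_tree(app, {
            "apple/login.html": (
                "<form method=post action=harvest.php>Apple ID <input name=appleid>"
                "Card number <input name=cc> CVV <input name=cvv>"
                "Mother's maiden name <input name=maiden></form>\n"),
            "apple/harvest.php": "<?php file_put_contents('o.txt', print_r($_POST, 1));\n",
            "includes/config.php": "<?php $db_host = 'localhost'; $x = 'changed';\n",
        })
        return audit_webroot(app, manifest)


if __name__ == "__main__":
    print(demo())
```

Note that the collector script is reported as an added file but not flagged by the keyword scan: the indicators only catch the user-facing form, which is why the added/modified lists matter on their own and should be reviewed in full rather than relying on content heuristics alone.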
Netcraft points out that this sort of attack can be used for more than harvesting personal information. Because the server is part of EA's own network, the attacker could potentially use it as a "stepping stone" to pivot further into that network. There has been no evidence of this happening in this particular attack, and EA has released a statement saying the server has been secured and patched.
EA was the target of what appeared to be a distributed denial-of-service (DDoS) attack earlier this year. The attack caused login and connectivity problems on its Origin servers, which host many of EA's online-only video games. The hacking group Derp claimed responsibility for that attack.
Netcraft provides regular security audits aimed at discovering software vulnerabilities; for more information visit netcraft.com.