A vulnerability was recently discovered on EA Origin which exposed over 300 million people to possible account theft. The vulnerability allowed hackers to take over accounts without a username or password.
A major issue was discovered on EA Origin which could affect hundreds of millions of players.
The Origin platform is commonly used for hit game franchises like Battlefield, Madden NFL, NBA Live, and FIFA.
Security researchers at Check Point and CyberInt have found, however, that this gaming community may now be at risk.
EA Origin: Major Exploit Discovered
The discovered exploit allows hackers to break into accounts without any login info. Instead, all they need is the user’s Single Sign-On authorization token: a method of authentication on the EA Origin platform, similar to passwords, that exists as a generated code.
Although the token is not easy to steal, security researchers stressed that it is still possible. Worst of all, it is much harder to track. A similar vulnerability was previously discovered on Fortnite and even on Facebook.
Through the exploit, security analysts were able to take over an EA subdomain and successfully use it to create a phishing website. With the subdomain, hackers could easily fool users since the URL looks legitimate.
With this strategy, security researchers say that EA’s access tokens could easily be stolen. What’s worse is that the security team reached out to EA in mid-February and was told it would be fixed “within three weeks.” EA has now finally patched the problem, months later.
Alternatives Are Desperately Needed
The EA vulnerability points to a greater problem that needs addressing.
Today, many gaming platforms offer their games and various add-ons as a service. In short, they are stored digitally and you “own” them — but they are technically only tied to your account.
As our digital identities and accounts become more and more linked to the services and products we buy, there is a greater need for security. Centralized systems, storing our personal data, will always be ripe for vulnerabilities and exploits. Distributed ledger systems, however, offer a decentralized alternative.
EA might learn something by paying attention to what Sony is doing. In April 2018, Sony filed a patent for a blockchain-based Digital Rights Management (DRM) system. This means that, in the future, every game you buy on the PSN Network will be recorded in an automated blockchain-based system that is impossible to tamper with. The DRM system will also promote game trading and various means of authentication.
Do you believe EA should invest more money in secure platforms? Have they been neglecting security? Let us know your thoughts below.