EA Origin Security Flaw Exposed over 300 Million Gamers to Account Takeovers
In the wake of the discovery of an EA based vulnerability, EA origin has been forced to re-examine its module for security and safety as the flaw could have potentially exposed millions of gamers to account takeovers.
As per the findings and research of specialists at Check Point and CyberInt, the vulnerability affected over 300 million gaming enthusiasts playing online games namely FIFA, Madden NFL, NBA Live and Battlefield.
The vulnerability relied on an alternate authentication method known as, Access Tokens which are like passwords; by stealing a Single Sign-On authorization token, the security flaw would have given complete authority into the hands of the hackers, who further would have been able to hijack player’s accounts without needing the login or password.
Stealing ‘Access Tokens’ can be a bit more complex than stealing passwords, however, it still is possible. It’s because users have been enlightened against providing passwords on dubious websites, hackers now resort to accessing access tokens rather than the passwords. Moreover, it can be carried out behind the scenes without needing any active participation from the user.
On Wednesday, commenting on the matter, Oded Vanunu, head of products vulnerability research for Check Point, told, “EA’s Origin platform is hugely popular, and if left unpatched, these flaws would have enabled hackers to hijack and exploit millions of users’ accounts,”
Referencing from the statements given by Alexander Peleg in an email in the regard, “We had the vulnerabilities under control so no other party could have exploited them during the period it took EA to fix,”