Hackers transform EA Web page into Apple ID phishing scheme
One of the game maker's servers is breached -- allowing hackers to create a phony Apple log-in screen that prompts users for personal information. EA says it now has the situation under control.
Using some trickery, hackers were able to breach Electronic Arts' Web site and transform one of its pages into a bogus Apple log-in screen. Once users logged on to the fake site, they were prompted to input their credit card numbers, date of birth, and other personal information.
Security firm Netcraft discovered the breach and notified EA on Tuesday. The game maker told CNET that it investigated Netcraft's claims and as of Wednesday the phishing page is gone.
"We have found it, we have isolated it, and we are making sure such attempts are no longer possible," EA spokesman John Reseburg told CNET. "Privacy and security are of the utmost importance to us."
The way the hackers created the fake Apple screen was by accessing one of EA Games' servers, according to Netcraft. The server hosted an outdated calendar that had several vulnerabilities and was likely the way the hackers got into the system to set up the phishing page.
"The phishing site attempts to trick a victim into submitting his Apple ID and password," Netcraft wrote in a blog post. "It then presents a second form which asks the victim to verify his full name, card number, expiration date, verification code, date of birth, phone number, mother's maiden name, plus other details that would be useful to a fraudster. After submitting these details, the victim is redirected to the legitimate Apple ID Web site."
This isn't the first time EA has been the victim of hackers. Years ago, a malicious attack on one of EA's servers led to the inaccessibility of its online Scrabble game. And in 2011, another of the company's servers, which hosted its BioWare Neverwinter Nights forum, was breached and some customer information was stolen.
In this latest hack, it's unclear if user data was stolen. However, according to Netcraft, it's unlikely because the security firm added the phishing page to a blocking list that is provided to major Web browsers.