Hackers caught using EA Games servers to phish for Apple IDs


According to a new report from security research firm Netcraft, Electronic Arts’ servers have been compromised. Two websites on the video game publisher’s domain have been hacked and are now hosting phishing pages set up to steal Apple ID and credit card information.

It works like this: when a potential victim arrives at one of the pages, they are asked to enter their Apple ID and password. Once completed, they’re taken to a second page which asks for personal details and credit card info, and then redirected to the official Apple ID website…

Here’s more from Netcraft’s report:

“The phishing site attempts to trick a victim into submitting his Apple ID and password. It then presents a second form which asks the victim to verify his full name, card number, expiration date, verification code, date of birth, phone number, mother’s maiden name, plus other details that would be useful to a fraudster. After submitting these details, the victim is redirected to the legitimate Apple ID website at https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/

The compromised server is hosted within EA’s own network. Compromised internet-visible servers are often used as “stepping stones” to attack internal servers and access data which would otherwise be invisible to the internet, although there is no obvious outward facing evidence to suggest that this has happened.”

The firm says that the hacker was able to gain access to EA’s servers by installing and executing arbitrary PHP scripts. So at the very least, it’s likely that the attacker can view contents from all of the user calendars on the site, as well as source code and other data stored on the servers.

EA provided the following statement to The Verge:

“Privacy and security are of the utmost importance to us, and we are currently investigating this report,” an EA spokesperson writes in an email to The Verge. The fake page was said to still be live this morning; as of this afternoon, EA said that it had disabled any fake websites that it may have found. “We’ve taken immediate steps to disable any attempts to misuse EA domains,” a spokesperson said. Nonetheless, EA said that it had yet to confirm the “underlying claims” made by the security researchers.

With one of the largest databases of customer information—500 million iTunes accounts and counting—Apple and its users are frequently the targets of hackers. The company has thus far managed to avoid any major incidents though, outside of last year’s public developer site hacking.