recommended reading

Threatwatch

Hackers infiltrate Electronic Arts site to steal customer Apple IDs

Credential-stealing malware; Network intrusion; Man-in-the-middle attack; Software vulnerability

Software errors in a calendar application are probably what allowed attackers to compromise an EA server and create a fake “phishing” site designed to look like an Apple login page, according to researchers at Netcraft.

“EA did not say how many people, if any, were tricked into submitting their Apple IDs and other information on EA’s site,” PCWorld reports, noting that “the company is generally not associated with Apple, making it a curious candidate for hackers seeking Apple IDs.”

The attacker might have used the calendar’s flaws as an entryway to penetration deeper into EA’s network.

The hacker installed code on EA’s server probably to view the contents of EA’s calendar application as well as other source code and data.

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves. 

sector

Entertainment; Web Services

reported

March 19, 2014

reported by

PCWorld

number affected

Unknown

location of breach

Unknown

perpetrators

Unknown

location of perpetrators

Unknown

date breach occurred

Unknown

date breach detected

March 18, 2014