Hackers infiltrate Electronic Arts site to steal customer Apple IDs
Credential-stealing malware; Network intrusion; Man-in-the-middle attack; Software vulnerability
Software errors in a calendar application are probably what allowed attackers to compromise an EA server and create a fake “phishing” site designed to look like an Apple login page, according to researchers at Netcraft.
“EA did not say how many people, if any, were tricked into submitting their Apple IDs and other information on EA’s site,” PCWorld reports, noting that “the company is generally not associated with Apple, making it a curious candidate for hackers seeking Apple IDs.”
The attacker might have used the calendar’s flaws as an entryway to penetration deeper into EA’s network.
The hacker installed code on EA’s server probably to view the contents of EA’s calendar application as well as other source code and data.
ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.
Entertainment; Web Services
March 19, 2014
Link to report
location of breach
location of perpetrators
date breach occurred
date breach detected
March 18, 2014