Israeli cybersecurity firms CyberInt and Check Point have discovered a major security flaw that has left 300 million EA and Origin accounts vulnerable to potential hacks.
According to Check Point Research’s official report on their website, the security flaw is related to EA’s use of authentication tokens in conjunction with the OAuth Single Sign-On (SSO) and TRUST mechanism. While most systems require login details, in this particular instance, EA’s login system relies on authentication tokens.
As detailed in Check Point Research’s report on the EA account hack:
“During CyberInt’s research, though, they found that the ea-invite-reg.azurewebsites.net service was not in-use anymore within Azure cloud services, however, the unique subdomain eaplayinvite.ea.com still redirected to it using the CNAME configuration.
The CNAME redirection of eaplayinvite.ea.com allows us to create a new successful registration request at our own Azure account and register ea-invite-reg.azurewebsites.net as our new web application service. This allowed us to essentially hijack the subdomain of eaplayinvite.ea.com and monitor the requests made by EA valid users.”
Of course, all of this may sound very complicated, but Check Point Research goes into much more detail in their report.
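From the defender's side, the condition described in the quote is a DNS record that outlives the cloud resource it points to. The following is an added example, not code from Check Point, CyberInt or EA: a small audit that reads zone records and flags CNAMEs whose target sits under a re-registrable cloud suffix and no longer resolves. The zone lines other than the one quoted above, the suffix list and the "no longer resolves means released" test are assumptions made for illustration.

```python
import socket

# Suffixes of cloud services where a released name can be registered again
# by another tenant. Only azurewebsites.net comes from the article.
CLAIMABLE_SUFFIXES = (".azurewebsites.net",)

# Constructed sample zone lines (BIND style). The first record is the one
# quoted in the article; the other two are made up for contrast.
SAMPLE_ZONE = """\
eaplayinvite.ea.com.   300 IN CNAME ea-invite-reg.azurewebsites.net.
shop.example.com.      300 IN CNAME live-shop.azurewebsites.net.
www.example.com.       300 IN A     192.0.2.10
"""

def parse_cnames(zone_text):
    """Yield (name, target) for every CNAME record in the zone text."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if "CNAME" in fields and fields.index("CNAME") + 1 < len(fields):
            target = fields[fields.index("CNAME") + 1]
            yield fields[0].rstrip(".").lower(), target.rstrip(".").lower()

def dns_resolves(hostname):
    """Default liveness check (assumption): does the name resolve at all?"""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False

def find_dangling(zone_text, resolves=dns_resolves):
    """Return CNAMEs pointing at a claimable cloud name that no longer exists."""
    findings = []
    for name, target in parse_cnames(zone_text):
        if target.endswith(CLAIMABLE_SUFFIXES) and not resolves(target):
            findings.append((name, target))
    return findings

if __name__ == "__main__":
    # Offline demo: stub resolver in which only live-shop still exists.
    live = {"live-shop.azurewebsites.net"}
    for name, target in find_dangling(SAMPLE_ZONE, resolves=lambda h: h in live):
        print(f"DANGLING: {name} -> {target} (remove or re-point this record)")
```

Run against an export of your own zones on a schedule, and delete the DNS record before or together with the cloud resource it points to.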
In an emailed statement, Adrian Stone, Senior Director of Game and Platform Security at EA, commented on the hack:
“Protecting our players is our priority. As a result of the report from CyberInt and Check Point, we engaged our product security response process to remediate the reported issues. Working together under the tenet of Coordinated Vulnerability Disclosure strengthens our relationships with the wider cybersecurity community and is a key part of ensuring our players stay secure.”
Oded Vanunu, Head of Products Vulnerability Research at Check Point, commented in an emailed statement: “EA’s Origin platform is hugely popular; and if left unpatched, these flaws would have enabled hackers to hijack and exploit millions of users’ accounts.”
“Along with the vulnerabilities we recently found in the platforms used by Epic Games for Fortnite, this shows how susceptible online and cloud applications are to attacks and breaches. These platforms are being increasingly targeted by hackers because of huge amounts of sensitive customer data they hold.”
Back in 2018, a Fortnite account hack unfortunately resulted in a child’s personal information being leaked on the dark web. This, however, was a vulnerability in a much larger system, one that could have resulted in potentially 300 million EA user accounts being hacked.
The good news is that CyberInt and Check Point Research’s report has identified a flaw that, if exploited, could have resulted in millions of dollars of loss to the company and consumers. They have since informed both EA and Origin of this vulnerability, and the companies are already taking steps to ensure security against future hacks.