Vulnerability in EA Origin: 300 million users may be threatened
Recently, researchers from Check Point Research and CyberInt disclosed a vulnerability in EA's Origin service. Origin is a Steam-like digital distribution platform launched by EA. Since it is the only way to get new releases of EA games on a PC, it has a large user base that has reached the millions.
Check Point Research and CyberInt pointed out in a report today that the vulnerability could have affected as many as 300 million Origin users around the world. The vulnerability allows a hacker to hijack an Origin account: by using obsolete subdomains and leveraging OAuth single sign-on and the trust mechanism built into the EA login system, they can steal authentication tokens and use them to access these accounts.
In fact, this attack exploits deprecated subdomains in EA’s Microsoft Azure account and then uses them to create seemingly legitimate phishing links. Once the victim clicked on the link, Check Point and CyberInt could obtain the victim's authentication token and hijack the account without needing the email address or password. However, Check Point and CyberInt notified EA before any malicious actor could exploit the vulnerability.
Via: CNET