Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsEA Games website hacked to steal Apple IDs
http://news.netcraft.com/archives/2014/03/19/ea-games-website-hacked-to-steal-apple-ids.htmlAn EA Games server has been compromised by hackers and is now hosting a phishing site which targets Apple ID account holders.
The compromised server is used by two websites in the ea.com domain, and is ordinarily used to host a calendar based on WebCalendar 1.2.0. This version was released in September 2008 and contains several security vulnerabilities which have been addressed in subsequent releases. For example, CVE-2012-5385 details a vulnerability which allows an unauthenticated attacker to modify settings and possibly execute arbitrary code. It is likely that one of these vulnerabilities was used to compromise the server, as the phishing content is located in the same directory as the WebCalendar application.
The phishing site attempts to trick a victim into submitting his Apple ID and password. It then presents a second form which asks the victim to verify his full name, card number, expiration date, verification code, date of birth, phone number, mother's maiden name, plus other details that would be useful to a fraudster. After submitting these details, the victim is redirected to the legitimate Apple ID website at https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/
<snip
InfoView thread info, including edit history
TrashPut this thread in your Trash Can (My DU » Trash Can)
BookmarkAdd this thread to your Bookmarks (My DU » Bookmarks)
3 replies, 576 views
ShareGet links to this post and/or share on social media
AlertAlert this post for a rule violation
PowersThere are no powers you can use on this post
EditCannot edit other people's posts
ReplyReply to this post
EditCannot edit other people's posts
Rec (0)
ReplyReply to this post
3 replies
= new reply since forum marked as read
Highlight:
NoneDon't highlight anything
5 newestHighlight 5 most recent replies
EA Games website hacked to steal Apple IDs (Original Post)
LiberalArkie
Mar 2014
OP
seveneyes
(4,631 posts)1. Lackluster response by EA
Netcraft has blocked access to all phishing sites mentioned in this article, and informed EA yesterday that their server has been compromised. However, the vulnerable server and the phishing content is still online at the time of publication.
SwankyXomb
(2,030 posts)2. EA making a late run to hold on to their
Worst Company in America award for a record third year.
Blue_Tires
(55,445 posts)3. I think the same ruse was used a few years back
then they were trying to steal PSN and XBL IDs from the FIFA site....