An Electronic Arts web server has been hacked and used to host a phishing website, it was revealed today. The security company Netcraft has informed the Internet community that the site asks users to enter their Apple IDs and personal information, and makes them believe they are using an Apple service by then directing them to the real Apple ID page. This is yet another breach of EA server security this year, with past problems involving users not being able to use EA services such as online games.
The hacking group known as Derp, which has claimed many other attacks on EA servers in the past, is claiming responsibility for the hack through the social media site Twitter.
Paul Mutton of Netcraft said in a blog that a vulnerability in an online calendar application hosted by the web server likely made the attack possible, as it could have been exploited by hackers. He went on to say that “the mere presence of old software can often provide sufficient incentive for a hacker to target one system over another, and to spend more time looking for additional vulnerabilities”.
This is yet another example of real websites such as EA's being exploited to host malicious content, a trend that seems to be more common these days. The BBC published a statement from EA saying that “Privacy and security are of the utmost importance to us, and we are currently investigating this report”.
Phishing is a method used by hackers that attempts to acquire information such as passwords and credit card details by pretending to be a trustworthy business such as a bank. The most common form of phishing is email and instant messaging spoofing that infects the victim with malware to access sensitive data, though it has taken on new forms, as this recent incident has shown.
At the time of writing, the phishing website being hosted on the compromised EA server is still online.