A popular gaming platform used by hundreds of millions of people worldwide has been found vulnerable to multiple security flaws that could have allowed remote hackers to takeover players’ accounts and steal sensitive data.
The vulnerabilities in question reside in the “Origin” digital distribution platform developed by Electronic Arts (EA)—the world’s second-largest gaming company with over 300 million users—that allows users to purchase and play some of the most popular video games including Battlefield, Apex Legends, Madden NFL, and FIFA.
The Origin platform also manages users EA Games account authentication and allows them to find friends, join games, and manage their profiles.
Discovered by researchers at Check Point and CyberInt, the vulnerabilities when chained together could have allowed attackers to hijack gamer’s EA account just by convincing them into opening an official webpage from the EA Games website.
To perform this attack, as shown in the video demonstration, researchers took advantage of a long-known unpatched weakness in Microsoft’s Azure cloud service that allowed them to takeover one of the EA subdomains, which was previously registered with Azure to host one of the Origin’s services.
images from Hacker News