20 Mar 2014

EA Games Hacked to Steal Apple Credentials

An EA Games server was breached to host a phishing website targeting Apple ID account owners, according to The Verge.

Hackers exploited a security flaw in an outdated version of WebCalendar installed in 2008, and used it to create the spoof Apple login page where users were asked for their Apple ID and password. The fake page seemed to belong to a subdomain of EA.com.

After entering their credentials, users were asked to verify other personal information, including name, credit card number and phone number. After doing so, they were redirected to the authentic Apple ID website.

EA is currently investigating the matter. "Privacy and security are of the utmost importance to us, and we are currently investigating this report," an EA spokesperson said via email.

The number of affected users has not been disclosed, or if any internal server data was accessed.