Check Point Research and CyberInt had earlier spotted vulnerabilities in EA’s Origin platform which could have let malicious actors exploit millions of user accounts. The exploit could have resulted in account takeover and identity theft. EA has announced that it has patched the issue.
In a statement, EA said, “This was reported to EA privately by CyberInt through our Coordinated Vulnerability Disclosure program. As soon as the issue was raised, EA engaged with CyberInt to resolve the vulnerability reported. We also closely monitored the situation and were able to verify that the vulnerability was not exploited and no player information was exposed.”
Check Point Research and CyberInt believed that the vulnerabilities could have helped an attacker gain access to user credit card information and purchase in-game currency.
EA has 300 million registered users but only a fraction of the users are regularly active on Origin. EA clarified and said that the reported vulnerabilities were resolved in the back-end architecture of some authentication protocols.
Check Point Research has also said that it has found additional vulnerabilities in other platforms which are used by Epic Games for ‘Fortnite’. Oded Vanunu, Check Point Research’s head of products vulnerability research said: “These platforms are being increasingly targeted by hackers because of huge amounts of sensitive customer data they hold.”