On the Internet, nothing is safe, regardless whether it's an individual or a company. This week, another big shot succumbs to the cruel world that is filled with hackers. Electronic Arts suffered a data breach that compromised Apple IDs.
Hackers were able to get into EA Games servers and use them to set up phishing sites in order to grab Apple ID information. Netcraft, who initially reported this breach, alerted EA within 10 hours of the findings to tell the company about the security issues. It is believed that the hackers used a known security exploit in an outdated version of WebCalendar, an Internet app used to maintain calendars for a single user or a group of people.
Obviously having older software on a system can raise security concerns, especially when updated editions have fixed known flaws. On the matter, a Netcraft spokesperson said,
The mere presence of old software can often provide sufficient incentive for a hacker to target one system over another, and to spend more time looking for additional vulnerabilities or trying to probe deeper into the internal network.
So how did the site work? Well, if you visited EA.com in the past couple of weeks, you may have been asked to enter either your EA, Origin or Apple ID and password. It then would ask you to supply your full name, credit card number, expiration date, verification code, birthdate, phone number and many other pieces of vital information. After submission of your Apple ID, the site redirected you to the Apple ID website. For Origin, the phishers were using an EA Games server to accomplish the same goal. This shouldn't have to be repeated in another outlet, but nobody from EA nor any other company will ever ask you for your password or other identifiable information without you triggering a password reset first. If you entered your information in the past month, change your password on EA/Origin and Apple, and change it on sites that you used the same password.
EA spokesperson John Reseburg said this week that,
We (EA) have found it, we have isolated it, and we are making sure such attempts are no longer possible. Privacy and security are of the utmost importance to us.
Like I said, nobody is safe anymore and precautions need to be taken on an individual level because data breaches happen on a weekly basis now.