EA Sites Hacked With Phishing Scheme For Apple ID Users


Screen Shot 2014-03-19 at 9.28.41 PM

If you’re a player of EA video games, better watch out: an EA Games server has been hacked to phish for your Apple ID. But here’s the good news: you had to be using Windows to get nailed by the attack.

According to Netcraft, two websites in the EA.com domain used the compromised server, which resulted in the following exploit:

The phishing site attempts to trick a victim into submitting his Apple ID and password. It then presents a second form which asks the victim to verify his full name, card number, expiration date, verification code, date of birth, phone number, mother’s maiden name, plus other details that would be useful to a fraudster. After submitting these details, the victim is redirected to the legitimate Apple ID website at https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/

Netcraft blocked access to the phishing sites, and alerted EA, who said that the site has since been shut down.

“We have found it, we have isolated it, and we are making sure such attempts are no longer possible. Privacy and security are of the utmost importance to us,” said EA spokesperson John Reseburg.

Just a reminder, folks. Always check the address bar in your browser before you start typing in passwords.

Source: Netcraft