EA’s web server was hacked, according to a blog post by Paul Mutton of internet security company Netcraft.
The page put in place by the hackers asks users to enter their Apple IDs, followed by a second screen that asks for further personal information, including credit card details.
The vulnerability on the EA server appears to have emerged from a piece of calendar software running an older version; numerous updates had since been made to the software, but they hadn’t been applied to the EA.com version.
Website users should check that websites are secure before entering any private information by looking for the padlock icon. Some browsers also turn the address bar green as a confirmation that the site is legitimate.
Michael Sutton, from security research firm Zscaler, said that hackers using legitimate websites to host their malicious content, rather than making a dedicated site elsewhere, was now standard.
“Social engineering attacks always involve an element of communication – the victim must be tricked into performing an action such as providing data, clicking on a link, downloading a file, et cetera. Attackers have learned that it’s far easier to simply infect an already popular web property than to attempt communication with victims directly,” he said.
EA has since removed the offending page from the server.