Gamers if you’re wondering why EA might be asking for your Apple ID and password, amongst other more sensitive information like your full name, credit card number, expiration date, and so on, chances are you might have stumbled upon a phishing website that aims to steal Apple ID information from unsuspecting users.
This is according to internet security and research company, Netcraft, who has recently discovered one of EA Games’ servers has been compromised in which the hackers have used the server to host a phishing site that steals Apple ID from users.
On top of that, it seems that the phishing website is also used to steal the credentials used by EA Origin players, which presumably will also have credit card information tied to it as well. According to Netcraft, they suspect that the server was compromised due to websites on the server reportedly running an outdated version of WebCalendar 1.2.0 (which has since been patched).
EA when notified released a statement (via TheVerge) claiming that they are investigating the reports. “Privacy and security are of the utmost importance to us, and we are currently investigating this report… We’ve taken immediate steps to disable any attempts to misuse EA domains…”
Thankfully EA did not take too long to find out what was wrong and are working to ensure that the vulnerability will no longer be exploitable. According to an EA spokesperson, “We found it, we have isolated it, and we are making sure such attempts are no longer possible.” In the meantime it is unclear how many Apple IDs might have been compromised in the process.