Check Point Research and CyberInt spotted vulnerabilities in EA’s Origin platform which if exploited could have put millions of the company’s users at risk. Hackers could have hijacked and exploited millions of Origin accounts had they exploited the vulnerabilities. The cybersecurity companies had alerted EA which moved quickly to address the matter.
EA happens to be the world’s second largest gaming company with its titles leveraging the Origin gaming platform to allow customers to purchase and play games on PC and mobile. It also offers social features such as profile management, networking via chat, and direct game joining.
These vulnerabilities relied on abandoned subdomains, EA’s use of authentication tokens, TRUST mechanisms, and single sign-on integrated into the login process. If the vulnerabilities had been exploited, it would have caused a lot of problems for EA and Origin users. Millions of accounts would have been compromised and EA would certainly find itself in hot water.
Check Point and CyberInt disclosed the vulnerabilities responsibly to EA so that it could fix them and roll out an update before they could be exploited by hackers. “As a result of the report from CyberInt and Check Point, we engaged our product security response process to remediate the reported issues,” confirmed Adrian Stone, Senior Director, Game and Platform Security at Electronic Arts.