Researchers with Check Point and CyberInt recently found a critical vulnerability in EA Origin, a highly popular digital distribution platform for EA video games. By exploiting the flaw, threat actors could have obtained access to the user accounts of over 300 million players.
Exploitation of the vulnerability did not require the theft of login credentials because the researchers found a way to obtain single sign-on (SSO) authorization tokens instead. SSO tokens can be used for authentication as well and, unlike passwords, they can be stolen without user interaction. In this case, the researchers managed to take over the inactive EA subdomain eaplayinvite.ea.com and inject it with malicious code that would steal SSO tokens of players visiting the page. It would have been easy for an attacker to distribute the URL to players via phishing messages. And since the domain was an official EA domain, it is likely that many recipients would have clicked on the link.
The flaws were patched by EA earlier this year after the researchers notified the company.
Read more: EA Origin had a vulnerability that left 300 million players potentially exposed