Save $62 on Star Wars Outlaws 5 Best LEGO Star Wars Outlaws Warhammer 40K Space Marine 2 The First Descendant Once Human 15 Best CoD Merch/Gifts
Forgot password
Enter the email address you used when you joined and we'll send you instructions to reset your password.
If you used Apple or Google to create your account, this process will create a password for your existing account.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Reset password instructions sent. If you have an account with us, you will receive an email within a few minutes.
Something went wrong. Try again or contact support if the problem persists.
origin ea down
Category:
News

EA patched an Origin vulnerability that threatened millions of users

Better safe than sorry.
Image of PCInvasion Staff
PCInvasion Staff
|

Published: Jun 26, 2019 06:38 pm

This article is over 5 years old and may contain outdated information

According to a CNET report, Electronic Arts recently had to patch a vulnerability in its digital distribution client Origin. Security researchers from Check Point and CyberInt found that the vulnerability could have exposed millions of users to a security flaw that would have allowed hackers to hijack accounts without login or password theft. Instead, the exploit would steal a single sign-on authorization token, giving the hackers complete control. Oded Vanunu, head of products vulnerability research for Check Point, said in a statement: “EA’s Origin platform is hugely popular, and if left unpatched, these flaws would have enabled hackers to hijack and exploit millions of users’ accounts.”

Recommended Videos

As an alternative authentication method, access tokens are similar to passwords. They work as codes that services generate to keep you logged in. Last year, there was a similar vulnerability on Facebook, which also used access tokens as the way through to user accounts. The security researchers found the vulnerability by taking control of a subdomain owned by EA, specifically the site “eaplayinvite.ea.com,” which was inactive and hosted on Microsoft’s Azure cloud web service. The researchers requested to take over the inactive domain from Azure and managed to turn it into a phishing trap, enabling them to send malicious links to Origin users. Since the main EA site hosted it, users were more likely to trust the link.

Origin, Steam, GOG Galaxy, and vulnerabilities

This kind of security issue tends to go with the territory. Earlier this year, GOG Galaxy also had a patch for security issues. Last year, we reported on a Steam chat spying exploit. Gaming clients full of features are a hotbed for security issues. As such, it’s always smart to keep your client updated with the latest patch. Origin is safe to use now, as long as you have the latest patch.

CyberInt and Check Point notified EA in February, and Origin received a patch to fix the vulnerability within three weeks. Adrian Stone, EA’s director of game and platform security, had a statement provided by the security researchers. “Protecting our players is our priority. As a result of the report from CyberInt and Check Point, we engaged our product security response process to remediate the reported issues.”

Are you using the latest version of Origin? Have you ever had any issues with phishing? Drop your comments below! We’d like to read about your experiences.

Post Tag:
Electronic Arts
Origin
PC Invasion is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more about our Affiliate Policy
related content
Author
Image of PCInvasion Staff
PCInvasion Staff