EA Patches Flaw, Blocks Apple ID Phishing Scam

| News

The gaming company EA has fixed a security flaw that let hackers use one of its servers to stage a phishing scam to trick victims into revealing their Apple IDs. Hackers used known issues in a years-old version of a Web calendar module as their hook into EA's servers.

EA patches server, blocks Apple ID phishing scamEA patches server, blocks Apple ID phishing scam

EA updated the Web calendar module overnight, according to the BBC, and is now saying the hackers have been stopped from using its servers. "We found it, we have isolated it, and we are making sure such attempts are no longer possible," the company said in a statement.

The hackers gained access to EA's server through a 2008 version of WebCalendar that hadn't been updated. Once in, they set up a phishing scam designed to trick victims into giving up their Apple ID user name and password, as well as other pieces of personal information that could be used for identity theft.

If you suspect that your personal information, site logins, or other data may have been taken in a phishing scam, check out the Federal Trade Commission's website on dealing with identity theft.

The Mac Observer Spin The Mac Observer Spin is how we show you what our authors think about a news story at quick glance. Read More →

It's great that EA acted so quickly to shut down the phishing scam. It isn't so great that they still had a version of WebCalendar from 2008 with known security vulnerabilities sitting there ready and waiting for hackers.

Popular TMO Stories

No Comments

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account