EA games web servers hacked, thieves make off with Apple IDs before being discovered

Web servers belonging to games publisher Electronic Arts were compromised by hackers and used to host a phishing website, which harvested the Apple ID and passwords of unsuspecting users, it has been revealed.

According to internet security firm Netcraft, the compromised server was used by two websites in the ea.com domain, and would ordinarily host a web calendar. However, hackers breached the server and replaced it with a convincing phishing site, which tries to trick victims into giving up their Apple ID and password. Should a user enter these details, a second screen then appears asking for more information including a full name, date of birth, phone number, mother’s maiden name and credit card information – essentially everything someone would need to steal your identity and start using your bank account.

Netcraft screenshots showing the compromised servers

After Netcraft informed EA of the breach, the company moved swiftly to lock it down and prevent anyone else falling victim to the scammers. Speaking to Kotaku, an EA representative said “We have found it, we have isolated it, and we are making sure such attempts are no longer possible. Privacy and security are of the utmost importance to us.”

There’s currently no indication as to how long the server was running compromised code, or how many victims entered their details before the breach was spotted. If you think you may have been affected, we would suggest changing your Apple ID password at the very least.

This isn’t the first time EA has come under fire from hackers and malicious attacks. The Origin digital distribution platform was brought down earlier in the year when a massive distributed denial of service (DDoS) attack caused connectivity issues for a range of EA games. Poor multiplayer performance in Battlefield 4 was also blamed on DDoS attacks following a choppy launch.