As Electronic Arts — one of the world’s largest video game publishers — fixes a flaw that left more than 300 million gamers vulnerable to hackers, a cybersecurity researcher is urging platforms to add additional layers of protection for when players log on.
Oded Vanunu, of cybersecurity firm Check Point, told Cheddar Wednesday, “It’s very important to understand that this kind of huge platform that serves millions of users are very perfect platforms for malicious actors’ cybercrime.”
The Israel-based Check Point, along with the cyber-threat detection company CyberInt, published a report laying out flaws that EA has now addressed.
The vulnerabilities were found on EA’s Origin network, a digital platform the company uses to distribute games, including "Madden NFL" and "The Sims," online.
Check Point’s technical analysis explained that the security flaws stemmed from abandoned subdomains and issues with how the gaming company had developed its user log-in system.
If the vulnerabilities had been exploited by hackers, Vanunu says they could have enabled identity theft and account takeover.
“Once you have the accounts, you control the players, you control the games, you control the credit information, you control the friends that are in your community” said Vanunu.
Both Check Point and CyberInt called on platforms to make two-factor authentication available, and for users to take advantage of the feature. “If someone manages to steal your account, they still won’t have access to the second factor. And it’s random,” explained Vanunu.
Vanunu added that EA's Origin isn’t the only gaming platform to experience this kind of vulnerability.
Earlier this year, the researchers found a similar security flaw on the popular online game Fortnite.
And just two months ago, TechCrunch reported that researchers had found a vulnerability on EA’s Origin app that would have allowed hackers to remotely run unapproved code on players’ computers.
