Game distributor and developer Electronic Arts currently holds the number two spot on the list of largest gaming companies. EA Origin is a gaming platform not unlike Steam. It offers all the games developed by EA, as well as games from others. Its large user base makes it a lucrative target for hackers. Recently, Check Point Software Technologies and CyberInt found a vulnerability in EA Origin. This flaw apparently left as many as 300 million user accounts exposed to hijacking. EA has since fixed the issue, and the vulnerability has been patched.
EA Origin Vulnerability
According to the report, EA Origin had a vulnerability that allowed intruders to obtain user information without their usernames and passwords. All a hacker needed was a Single Sign-On authorization token, which provided complete control. Single Sign-On authorization tokens are codes generated by the system to keep users logged in. These are similar to user passwords but are much easier to steal. Earlier this year, Check Point noticed a similar issue with the Fortnite launcher as well.
Casey Ellis, CTO and founder of crowdsourced security company Bugcrowd, said, “The good news is that this is a vulnerability, not the confirmation of a breach. EA was alerted to the critical vulnerability before it could be exploited by malicious actors. Gaming companies, like EA, have a tendency to grow rapidly once their games get traction in the market, and speed to market is the natural enemy of security. Security efforts just can’t keep up or often isn’t even considered in the software development lifecycle.”
“This is an interesting vulnerability chain, taking advantage of issues that we see frequently in the Bugcrowd program: authentication implementation problems, specifically around SAML, and squatted/orphaned domains. This news just goes to show that engaging with the whitehat hacker community to perform attack surface discovery, and maintain that feedback loop on an ongoing basis, is the only way to identify these types of issues as they are inevitably introduced into the wild,” Ellis added.
Director of Game and Platform Security at EA, Adrian Stone, told CNET, “Protecting our players is our priority. As a result of the report from CyberInt and Check Point, we engaged our product security response process to remediate the reported issues.”