If you've been prompted to enter your Apple ID login, payment and security credentials via an EA Games subdomain recently, change your passwords immediately.
Same goes if you've logged in at an EA Origin subdomain within the past week: change your passwords and connected accounts ASAP.
Security auditor Netcraft announced yesterday it has discovered a slick Apple ID phishing scam running smoothly on an EA server, and a second phishing scam posing as an EA Origin login page. EA Origin is a popular games platform with an estimated 9.3 million users.
EA told press it patched the vulnerability later that night -- but did not comment on the second compromise posing as an Origin site, also discovered by Netcraft and reported to be still in operation.
About the Apple phishing compromise, EA told the BBC last night, "We found it, we have isolated it, and we are making sure such attempts are no longer possible."
Netcraft said EA's server compromise could have been avoided with security updates for a known issue in EA's 2008 version of WebCalendar 1.2.0, which was running on the server.
Netcraft said, "It is likely that one of these vulnerabilities was used to compromise the server, as the phishing content is located in the same directory as the WebCalendar application."
It is unknown how long the phishing operation had been running, or how many Apple accounts were compromised.
Netcraft's blog post also explained its second discovery of a still-running phishing operation on an EA Origin subdomain spoof -- and said it has been running for at least a week.
Netcraft's Paul Mutton warned about the Origin phishing scam, saying:
"In this case, the hacker has managed to install and execute arbitrary PHP scripts on the EA server, so it is likely that he can at least also view the contents of the calendar and some of the source code and other data present on the server. (...)
"As well as hosting phishing sites, EA Games is also the target of phishing attacks which try to steal credentials from users of its Origin digital distribution platform.
"For example, the following site — which has been online for more than a week — is attempting to steal email addresses, passwords and security question answers."
Quite disconcerting is a current comment set on Reddit about the compromise, which includes commentary from someone claiming to work at EA Games:
In the just-patched Apple ID scam referenced by the comment, users were presented with an Apple ID login screen on an ea.com subdomain, then directed to enter their full name, credit card number, expiration date, and verification code -- plus date of birth, their phone number, mother’s maiden name and other security details (likely the three security questions required to set up and verify an Apple ID).
After giving the malicious intruders all their Apple security information, users were directed seamlessly onward to the real Apple ID site.
Anyone who has re-entered their Apple ID login and security questions in the past week should change their Apple ID passwords and security information immediately, along with the passwords of any connected accounts.