MacNN | EA server used in Apple ID phishing scam, claims security firm
Mac News Network View: Standard | Headlines | Categorized | Slim
Mac News Network
Mac News iPod News Reviews Forums
 

Desktop Headlines
EA server used in Apple ID phishing scam, claims security firm
Wednesday, March 19, 2014 @ 2:40pm

A web server owned by game publisher Electronic Arts has been compromised and used in a phishing attack against users of Apple services, a security firm has claimed. The server, apparently used to host a calendar under the ea.com domain, is said to be used to try and acquire the Apple ID credentials of potential victims by posing as an account verification site.



The site in question attempts to trick the viewer into signing in to verify their Apple ID and password, according to Netcraft. The Internet security firm alleges the phishing site then asks for more personal information to confirm the victim's identity, including their full name, credit card details, date of birth, phone number, mother's maiden name, and other related sensitive information. Completing this second form takes the victim to a genuine Apple ID site, in an attempt to cover their tracks.

Screenshot of Apple ID phishing page on EA domain
Screenshot of Apple ID phishing page on EA domain
It is believed the server was infiltrated via a vulnerability in WebCalendar 1.2.0, software which was first issued in 2008 but has since received a number of security-related updates. This could have allowed the attacker to install scripts to the server, as well as access to other data stored on the server itself. In a statement to the BBC, EA said "Privacy and security are of the utmost importance to us, and we are currently investigating this report."

Comments on this Article
Print Friendly Version
Email to a Friend
Add MacNN to Your RSS Feeds
Buy from the Apple Store


Related Stories:

Today's MacNN Stories:
  • Apple releases second beta of 10.10.5 to developers - 8:13 PM EST
  • Briefly: Best Buy Canada Watch sale date; Smartflash case stay denied - 7:22 PM EST
  • Hands On: Satechi Bluetooth Media Button - 4:30 PM EST
  • Dashlane offers password management for iPhone, Apple Watch - 4:12 PM EST
  • Daily Deals: Nintendo 3DS XL, Harman Kardon speaker, MacBook Air - 3:40 PM EST
  • T-Mobile posts $361M net profit for Q2 following subscriber increase - 2:24 PM EST
  • Paragon Hard Disk Manager for Mac public preview available now - 2:14 PM EST
  • Apple office-space crunch continues with new SF SoMa lease - 1:48 PM EST
  • Apple pushes second beta of iOS 8.4.1 to developers - 1:30 PM EST
  • My Stupid Fault: a trio of (avoidable) tales of hardware failure - 1:15 PM EST
  • Apple opens fourth retail location in Hong Kong - 12:19 PM EST
  • App Update: AudioSwitcher, Invisible, MP3 Toolkit, more - 12:08 PM EST
  • Review: HP 14-inch 14-x030nr Chromebook - 10:53 AM EST
  • MacNN Deals: Three discounted productivity software packages - 10:33 AM EST
  • Samsung takes another beating in second quarter financial results - 9:20 AM EST
  • D-Link launches DWA-192 spherical 802.11ac USB adapter - 8:55 AM EST
  • Briefly: HBO Now on Verizon FiOS, Amazon Dash Button sales - 7:21 AM EST

    Today's iPodNN Stories:
  • So long, and thanks for everything! - 2:31 PM EST
  • Lizard Squad member convicted over 50,700 computer crime charges - 9:58 AM EST
  • Microsoft offers grants to universities for HoloLens research - 7:25 AM EST
  • LG Display starts mass production of AIT display panels for notebooks - 7:47 AM EST
  • Briefly: EE fined £1M in UK, Unofficial YouTube app on Android Wear - 11:14 AM EST
  • No comments posted on this story yet. Please post yours.
    Your Comments
    In order to post comments, you must be a registered member of the MacNN Forums and logged in. Please login with your MacNN Forums username and password.

    MacNN Forums Login:

    MacNN Forums Password:

    Not a member of the MacNN forums? Register now for free.