Internet and cloud platforms have today become a river where your sensitive information is subject to crocodile-like hackers. As technology advances, how vulnerable your privacy has become is beyond description.
EA, the world’s 2nd largest gaming company, has recently patched flaws in its Origin platform that could have allowed hackers to hijack millions of users’ accounts. Had the accounts been hijacked, a great deal of the data in them could have been exploited.
The events had an interesting chronology.
Check Point Research and Cybernet spotted the security threats and reported them to cybersecurity companies, which alerted EA at once to take action. Had the patch not been provided in time, hackers could have carried out player account takeover and identity theft.
The abandoned subdomains, EA Games’ use of authentication tokens, and the single sign-on TRUST mechanisms built into the user login process were the weapons that gave the hijackers an advantage. The process is a little complex but comprehensive.
The attacker possessed a valid subdomain of the site that was not the real subdomain. The attacker would have needed the victim to enter the password, which could have given the attacker access to streaming accounts. Companies set up subdomains and portals for new campaigns as a routine part of marketing, but soon these codes are altered and a new threat arises without the company's knowledge.
The exploit was possibly a chain of several classic types of attacks: phishing, session hijacking, and cross-site scripting. But poorly maintained DNS was the key flaw that facilitated the exploit.
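Abandoned subdomains of the kind described above can be caught by auditing DNS for records that still point at external targets which no longer exist. The following is an added example, not code from the original article or from EA or the researchers; it assumes a constructed zone export for the placeholder domain example.com, a hypothetical hosting suffix (cloudhost.example.net), and a stubbed resolver so it runs offline.

```python
import socket
from typing import Callable, NamedTuple

class Record(NamedTuple):
    name: str
    rtype: str
    target: str

# Constructed sample zone export; every name here is a placeholder.
SAMPLE_ZONE = """\
www.example.com.        300 IN CNAME web.example.com.
promo2017.example.com.  300 IN CNAME promo2017.cloudhost.example.net.
shop.example.com.       300 IN CNAME shop.cloudhost.example.net.
web.example.com.        300 IN A     192.0.2.10
"""

def parse_zone(text: str) -> list[Record]:
    """Parse 'name ttl IN type target' lines, ignoring ';' comments."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) == 5 and fields[2].upper() == "IN":
            name, _, _, rtype, target = fields
            records.append(Record(name.rstrip(".").lower(), rtype.upper(),
                                  target.rstrip(".").lower()))
    return records

def find_dangling(records: list[Record], own_domain: str,
                  resolves: Callable[[str], bool]) -> list[Record]:
    """Return CNAMEs that leave own_domain and whose target no longer resolves."""
    findings = []
    for r in records:
        external = r.target != own_domain and not r.target.endswith("." + own_domain)
        if r.rtype == "CNAME" and external and not resolves(r.target):
            findings.append(r)
    return findings

def system_resolves(host: str) -> bool:
    """Live check for real use: True if the host currently resolves."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

# Constructed stand-in for live DNS: only this external target still exists.
LIVE_TARGETS = {"shop.cloudhost.example.net"}

def demo() -> list[str]:
    found = find_dangling(parse_zone(SAMPLE_ZONE), "example.com", LIVE_TARGETS.__contains__)
    return [r.name for r in found]
```

Pass `system_resolves` instead of the stub to check live DNS. A target that still resolves but whose hosting resource has been released is not caught by this check and has to be verified with the hosting provider.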
You can understand the entire process of the hijack in the post made by Ars Technica. It is, in fact, important that we understand the possible threats and educate ourselves to avoid them in the future.
Online and cloud platforms are increasingly targeted by hackers to collect sensitive user data and attempt fraud. All users are recommended to use two-step security on their accounts for better security, and, side by side, parents are advised to educate their children about online safety measures before allowing them to use these platforms.