Posted on June 30, 2019 at 3:16 PM
The ever-increasing number of hacking attacks and exposed vulnerabilities clearly indicates the dangers of having flawed, untested systems. These flaws can result in serious security breaches, data theft, and more, if not found and mended in time. One example is an EA Origin security flaw, which was discovered earlier this year. According to experts, the flaw is so severe that around 300 million users were left completely exposed until the bug was discovered, reported, and fixed.
Situations like these make online security more important than ever, particularly as people shift more and more towards the online world. Of course, there are many who are concerned with leaving an online footprint, and so they try to reveal a few personal details online as possible. But, with prying services often requiring big amounts of such information in order for people to use their services at all, not a lot can be done about it.
There are also many who do not care about privacy and online security at all, posting pretty much anything online. These people tend to have the richest social media accounts, and all of their data is quite easy to collect. This also makes it much easier for sensitive data such as their financial details to slip and be stolen by hackers and scammers. Not to mention that they enter such details on countless websites for the purpose of online shopping, ordering things, paying for services, in-game items, and alike.
While we are at the topic of games, gaming is another industry that is rapidly moving towards its online version. Most of the modern games have some connection to the online world, whether that includes DLCs, a multiplayer aspect, or simply a connection to the websites and apps that track the gamers’ actions and record achievements. But, with this connection, gamers also tend to give out valuable personal information, which is stored by the developers, and possibly third parties.
This is already what many would consider an intrusion, but they tend to let it slide for the purpose of using services such as EA Origin. However, when a service like that also turns out to have flawed security, gamers often end up being outraged. This is why the EA Origin’s own security flaw picked up earlier this year and caused a lot of worries for the users of the service.
What was the EA Origin security flaw about?
According to security researchers from CyberInt and Check Point, the flaw is quite a serious one, and 300 million gamers are likely left exposed. The two firms notified EA as soon as they discovered the flaw, which was back in February 2019. Naturally, the flaw was addressed immediately, and a patch was released, so there is no reason for anyone to worry about it anymore.
However, it is still a serious oversight, especially since anyone could have randomly discovered it. Doing so would allow an attacker to steal an account’s authorization token, which is something similar to a password which users do not have to create themselves. These type of passwords are typically created by the services themselves. They are what allows users to remain logged in, and not log out after every session and then log in for the next one manually.
Most websites use such tokens, especially social networks. When it comes to the EA Origin, the majority of users tend to use these tokens as well, which puts them all to the risk of having them stolen, and their accounts accessed. This could lead to financial information theft and misuse, as well as collecting other details. The threat was quite a serious one, and researchers alerted the EA immediately.
The EA worked on the patch for three weeks, during which the flaw was kept secret. This was necessary in order to prevent hackers from discovering it before the patch was created and implemented. According to what is known now, the patch was implemented in March 2019, and EA Origin users are no longer in danger. However, this still poses the question — how many other services suffer from a similar flaw?