Experts from Checkpoint and CyberInt have made a controlled attack on the servers of Origin, where users have access to EA games. About 300 million people with an Origin account were potentially affected.

In the presented attack, it was possible to take control of the victims’ account, it was possible due to incorrect settings of DNS servers. The person who was logged in to the Origin account after clicking on a forged link was redirected to the subpage, where login details needed to be provided as well as other data, such as credit card number. The site did not raise suspicions due to the fact that it was located on the ea.com subdomain.

On the CyberInt channel you can see how the attack was carried out, several methods were utilized, including session interception, phishing or cross-site scripting (XSS) vulnerability, where the victim’s browser gets injected with Java script fragment that can be then executed through the browser.