The Origin service, a digital distribution platform owned and operated by Electronic Arts, is home to millions of accounts for gamers who want to play games like Battlefield, Apex Legends, Madden NFL, and FIFA. But with the release of a new exploit, there could have been serious trouble on the horizon, as any Origin user could have had their account on the service stolen without their knowledge.
For context, the service holds the games and personal details of more than 300 million users, so this could have been a disastrous data breach had EA not been able to issue a patch. As of yet, no major reports of stolen information or accounts have been seen. And it’s not just EA that falls prey to this stuff: both Steam and GOG have had their own run-ins with security problems over the years.
The exploit itself is pretty complex, and involves a mix of hijacked domains, social engineering and malicious man-in-the-middle (MITM) attacks to hijack access to a given Origin account. It actually centers around a known and unpatched issue with Microsoft’s Azure cloud services, which host EA’s Origin content. The process goes like this:
- A user is tricked into clicking a link that leads to the Origin login page.
- That user submits login data, generating a valid login token.
- This single-sign-on (SSO) token is then forwarded to a hijacked subdomain on the EA site.
- The attacker uses the stolen SSO token to take control of the account.
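
One defensive takeaway from the flow above, shown as an added example (not code from EA, Check Point or the original article): an SSO service that delivers tokens to any subdomain of its parent domain is exposed as soon as one subdomain is hijacked, while an exact host allowlist is not. The page does not say how Origin validated the token destination; the suffix check, the `example.com` hostnames and the function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed values: example.com stands in for the vendor's domain.
PARENT_DOMAIN = "example.com"
# Hosts that are actively operated and reviewed (hypothetical names).
EXACT_ALLOWLIST = {"www.example.com", "account.example.com"}


def weak_redirect_ok(url: str) -> bool:
    """Risky pattern: trusts every subdomain of the parent domain."""
    host = (urlsplit(url).hostname or "").lower()
    return host == PARENT_DOMAIN or host.endswith("." + PARENT_DOMAIN)


def strict_redirect_ok(url: str) -> bool:
    """Hardened pattern: https only, no userinfo, exact host match."""
    try:
        parts = urlsplit(url)
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or parts.username or parts.password:
        return False
    if port not in (None, 443):
        return False
    return (parts.hostname or "").lower() in EXACT_ALLOWLIST


# Constructed token destinations an SSO service might be asked to use.
SAMPLES = [
    "https://account.example.com/callback",      # live, allowlisted host
    "https://old-promo.example.com/callback",    # retired subdomain, now hijacked
    "https://account.example.com@evil.test/cb",  # userinfo disguises real host
    "http://account.example.com/callback",       # token would travel in clear text
]


def audit(urls):
    """Return (url, weak_result, strict_result) for each destination."""
    return [(u, weak_redirect_ok(u), strict_redirect_ok(u)) for u in urls]


if __name__ == "__main__":
    for url, weak, strict in audit(SAMPLES):
        print(f"weak={weak!s:5} strict={strict!s:5} {url}")
```

The strict check only holds if the allowlist is kept in step with DNS, so a retired host is removed from both at the same time.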
Check Point Software researchers demonstrated the exploit in a video, which can be seen below.