1. Paul Collins4's Avatar
    A web server belonging to the games company Electronic Arts has been hacked and is now hosting a phishing website, according to an internet security firm.

    The website that has been put in place by hackers asks users to enter their Apple IDs - the credentials needed to access services like Apple's iTunes.

    A second screen then asks users to enter further personal information, including credit card details.

    EA said it was investigating the problem.

    Paul Mutton, from Netcraft, the internet security company that uncovered the hack, said in a blog that it was likely a vulnerability in an online calendar application hosted on the web server had been exploited by the attackers.

    The calendar based on the web server was an old version of software that had since been updated, he said.

    "The mere presence of old software can often provide sufficient incentive for a hacker to target one system over another, and to spend more time looking for additional vulnerabilities," he wrote.

    Once a user has entered their Apple ID and password on the fake website they are then asked to verify their name, date of birth, phone number and credit card details among other information.

    Users were then directed to the legitimate Apple ID website, said Mr Mutton.It was reported earlier in the year that other servers belonging to EA had been hacked, causing problems for users trying to log on to online games and services.

    A hacking group known as Derp posted a tweet claiming responsibility for that attack.

    Mr Mutton said he had reported the most recent problems to Electronic Arts but it appeared that the website still remained online.

    In a statement to the BBC, EA said: "Privacy and security are of the utmost importance to us, and we are currently investigating this report."

    Michael Sutton, from security research firm Zscaler, said that hackers using legitimate websites to host malicious content was now the norm.

    "Social engineering attacks always involve an element of communication - the victim must be tricked into performing an action such as providing data, clicking on a link, downloading a file, et cetera. Attackers have learned that it's far easier to simply infect an already popular web property than to attempt communication with victims directly," he said.

    Users should check that websites are secure before entering any private information, says guidance from Get Safe Online.

    They should look for a padlock symbol in the browser window frame and they should check that the web address begins with https - the "s" stands for secure.

    The advice also says that users should check the address in the browser's address bar after arriving at a website to check that it matches what they actually typed. Taken from BBC News - EA games web server hacked to host phishing website

    Z10STL100-2/ pin:2AE6118E
    03-19-14 05:50 PM
  2. ealvnv's Avatar
    And how is this an "Apple Security flaw" when the issue is happening on third party sever where apple has nothing to do?

    Sometimes is easy to point fingers in the wrong direction.
    menshawy likes this.
    03-19-14 05:57 PM
  3. Paul Collins4's Avatar
    Well asking for Apple id shouldn't apple have something to prevent this message from popping up?

    Z10STL100-2/ pin:2AE6118E
    03-19-14 05:58 PM
  4. ealvnv's Avatar
    Well asking for Apple id shouldn't apple have something to prevent this message from popping up?

    Z10STL100-2/ pin:2AE6118E
    There is no way they would be able to, this is just the same as when you get an email telling to update your bank account info, a website can ask you for anything the developer of the site wants, is up to you to make sure is a legitimate site.

    Nothing to do with Apple here my friend, it could very well ask for your bbid, PayPal info or anything
    03-19-14 06:02 PM
  5. MADBRADNYC's Avatar
    I don't use Apple products at all, so maybe I can be educated.
    Why would Apple prevent a pop-up from showing up on a device when the user is deliberately going to the site/server?

    I can say personally that if I am trying to go to a specific site/server and my BlackBerry prevents it, I wouldn't be happy.
    I would probably start a thread asking why and if anyone else experiences the same issue.

    Does Apple do that??? Prevent users from going to sites/servers?
    Even if the permissions are set to allow this?

    I think the best remedy is for Apple to post PSA via email to be careful about going to some specific sites, but not automatically block them.
    03-19-14 06:07 PM
  6. cdw5510's Avatar
    People crack me up. Apple is being targeted not being hacked.

    Posted via CB10
    03-19-14 06:29 PM

Similar Threads

  1. No Skype or other BB world apps after updating to 10.2.1.xxx
    By TrueKulcha in forum BlackBerry 10 OS
    Replies: 21
    Last Post: 05-05-14, 02:59 PM
  2. Should I be able to hear my Z10 running?
    By FSeverino in forum BlackBerry Z10
    Replies: 18
    Last Post: 03-28-14, 06:36 PM
  3. White Screen and Red LED but won't Connect to PC
    By nattyg8 in forum BlackBerry Curve 9310
    Replies: 1
    Last Post: 03-22-14, 03:34 PM
  4. Is MS OneNote ever coming to BB10?
    By CWhite34 in forum BlackBerry 10 OS
    Replies: 6
    Last Post: 03-22-14, 12:39 AM
  5. Poll game (android version)
    By rajeshkumar yadav in forum Android Apps (Amazon Store & APK Files)
    Replies: 1
    Last Post: 03-19-14, 07:23 PM