Bug Found In EA Origin Client, Could Expose Gamers' Data

Published: November 21, 2018 8:30 AM


A researcher has found a bug in EA's Origin software which could allow malicious parties to gain access to users' account data.

The bug, which has since been fixed by EA, was discovered by "Beard" (obviously not their real name), a security researcher. Speaking to ZDNet, Beard confirmed that they originally discovered the bug on October 1st. When users try to edit their account on EA.com via the Origin client, the software will generate an auto-login URL which contains the user's active username and password.

Where things get troublesome is the way in which the auto-login protocol is used. Usually, the user's IP address or cookies are used in the authentication process, which means it's impossible for anyone other than that user to access their information. In the case of this Origin bug, though, the auto-login URL wasn't tied to either of these fail-safes, so the URL would work regardless of the IP address or browser being used. Beard accompanied the discovery with a tweet that included a video showing the bug in action.

https://twitter.com/beardlyness/status/1049016210975682560
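The missing binding described above, as an added sketch that is not EA's code and not part of the original article: a server-side auto-login token store in which the weak form accepts any presenter, while the bound form is tied to the session cookie and IP address it was issued to. All function names are hypothetical, the addresses are constructed, and the short lifetime and single-use rule go beyond what the article mentions.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # constructed per-process key (assumption)
TTL_SECONDS = 60                      # assumed lifetime for a bound link
_pending = {}                         # token -> (account, binding, expires)

def _binding(session_cookie, client_ip):
    """MAC over the client context the link was issued to."""
    msg = f"{session_cookie}|{client_ip}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()

def issue_unbound(account):
    """Weak form: the token alone is the credential, from any client."""
    token = secrets.token_urlsafe(32)
    _pending[token] = (account, None, None)
    return token

def issue_bound(account, session_cookie, client_ip, now=None):
    """Hardened form: token is tied to cookie + IP and expires quickly."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    _pending[token] = (account, _binding(session_cookie, client_ip),
                       now + TTL_SECONDS)
    return token

def redeem(token, session_cookie, client_ip, now=None):
    """Return the account name on success, None on any failure."""
    now = time.time() if now is None else now
    entry = _pending.get(token)
    if entry is None:
        return None
    account, binding, expires = entry
    if binding is None:
        return account               # weak token: no context check, reusable
    if now > expires:
        del _pending[token]          # expired links are discarded
        return None
    if not hmac.compare_digest(binding, _binding(session_cookie, client_ip)):
        return None                  # presented from a different client
    del _pending[token]              # single use
    return account
```
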

Users who are accessing their EA account via unsecured WiFi hotspots, such as those in cafes or hotels, could easily be compromised if a malicious party took advantage of these unsecured links. Worse still, the auto-login URLs could be collected by malware or bots, hypothetically allowing criminals to harvest EA account data with abandon. Beard says attackers could access players' real names, the final four digits of a credit card number, the final digits of a phone number, and more.

According to the ZDNet article, EA was made aware of the bug earlier this month and worked quickly on a fix. EA says a fix was rolled out earlier in November, and that it doesn't appear that any users' data has been accessed through this method. Still, it's worrying that something so fundamental was overlooked by EA for so long. Definitely keep this bug in mind when you're using Origin in future.

How do you feel about EA's handling of the bug's discovery? Will this affect you using Origin in the future? Let us know in the comments below!



Joe Allen | Senior Writer